[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/06/13 20:33, Martijn Grooten wrote: > On Wed, Jun 12, 2013 at 8:21 PM, Mark Evans wrote: >> One issue with the "captive portal" idea is that it assumes >> traffic to port 80 TCP/IP. (With a web browser being operated by >> a human.) >> >> How would you treat traffic obviously not web browser related? >> e.g. VoIP and VPN. > > I might be wrong about some of the implementation details, but > here's what seems to happen in most hotels (at least the bigger > ones) these days: if an unknown device connects to the (open) > network, any traffic from that device but TCP port 80 is dropped; > TCP port 80 is sent to a local web interface. Is there an address which will always resolve, but will either never have a web server or will only serve something of the form <html><title></title><body></html> thus can be put in a proxy exception? > Once the user logs in on that interface, the device is recognised > and future requests, regardless of protocol and port, are sent to > the open Internet. > > I've used that in three different hotels in the past week. Once > logged in, I was able to connect my laptop to the company's VPN > without any issues. Except for needing a certain browser configuration to get that far in the first place. A configuration which makes it rather easy to get malware on the machines in question. Especially if running Windows. Maybe your company dosn't users who WILL manage to install enough junk to render the machine un-usable within less than a month unless their web access is only through a filtering (e.g. blocks all Windows executables) proxy. (Since on-site access has to be through a proxy anyway turning proxies on and off is an added complication to start with. Part of the reason for implementing a VPN being to avoid the need for "on-site"/"off-site" reconfiguration.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlG46BgACgkQsoRLMhsZpFcamQCeOaCf+tUszQLVryoNFULZrMQS FOUAoI0oJdmI9/8gs2f/Am7lqiNsxQ1W =srWm -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq