[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Visitor based netoworking

I took a look at nocat and it really seems to do almost the things 
I'm looking for *g* Thank you.

But I have a recommendation / question: Wouldn't it be possible to 
also check the MAC of clients on the net? This way we could make IP-
hijacking (as written in the nocat-whitepaper) a lot harder I think.

Unfortunately I don't know if this is possible with something like 
iptables - since mac-addresses work on a different (lower) layer.

On 10 Jun 2003 at 16:02, Keegan Quinn wrote:

> On Tuesday 10 June 2003 10:53 am, Stefan Neufeind wrote:
> > But what if you need an "open" system? Not loggin into domain but
> > loggin in via webinterface? E.g. when they try to surf the net they
> > get redirected to "authenticate here first".
> I think what you're looking for is implemented in a system called
> NoCatAuth, which was also mentioned by John Keimel.  It's fairly
> simple Perl, and is easily extensible to authenticate against just
> about any database.  Patches already exist for Radius, and others. 
> There is also a C version called NoCatSplash.  See http://nocat.net/
> This system is in wide use here in Portland, Oregon, for displaying
> messages to anonymous clients of public wireless networks.  It is
> easily adaptable.
> Neither NoCatAuth or NoCatSplash are yet in Debian, due primarily to a
> complete disregard for the FHS, but if anyone is sufficiently
> motivated, this could be changed...

Reply to: