(I'll bite to save Alan the déjà vu) An attacker sets up a captive portal system that looks exactly the same as yours (spoof). Users can't distinguish between the two captive portals, and so some users inevitably enter their credentials into the spoof portal. These credentials can be used by the attacker to gain network access through the authorised portal, or whatever else they're authorised for.
josh. > -----Original Message----- > From: > [EMAIL PROTECTED] > us.org > [mailto:[EMAIL PROTECTED] freeradius.org] On Behalf Of Tas Dionisakos > Sent: 23 January 2007 21:55 > To: FreeRadius users mailing list > Subject: Re: a freeradious/wireless solution for a school > > Please elaborate on how the system can be circumvented? > > Tas. > > [EMAIL PROTECTED] wrote: > > Hi, > > > > > >> * Apache > >> * Freeradius > >> * Chillispot > >> * Mysql > >> > > > > though note that captive portals are easy to mitigate/spoof and > > circumvent > > > > alan > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > -- > ************************************* > Tas Dionisakos > IT Manager > St Mary's College and Newman College > The University of Melbourne > T: 03 9342 1708 > M: 0439 655 565 > E: [EMAIL PROTECTED] > C: (0o (||||)(||||) o0) > ************************************* > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
