First, thanks for the awesome scenario! Always a pleasure to read your mails 
Jake :)

Second, as Jake mentioned, in the scope that the "gaming registration" is 
actually working, there is no real big deal in this "issue" except the one that 
Jake mentioned (change of ownership of the device).

We will have a look at it because it is not how it should work :)

Thanks again for that fabulous email.

Cheers!
dw.

--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2013-08-14, at 9:25 PM, "Sallee, Stephen (Jake)" <[email protected]> 
wrote:

>>> Can you elaborate on this?  
> 
> Sure, NP!
> 
> The only check the gaming registration portal does is to make sure the MAC it 
> is given has the correct OUI, if it does the portal registers the device 
> under the user ID of the person who fills out the form.
> 
> Let's say that Bob has an Xbox, he uses the portal page to register his Xbox 
> and is now happily playing CoD:MW instead of chatting up the ladies on 
> campus. Bob's nemesis, Gary, decides that he wants to mess with Bob. So, Gary 
> finds Bob's Xbox MAC and goes to the portal page and fills out the form using 
> Bob's MAC. 
> 
> According to my system Bob's Xbox now belongs to Gary. 
> 
> But this is where I get a bit confused, because while they are swapping names 
> in my records, nothing else is happening.  They are staying on the gaming 
> vlan. I don't see any real danger other than 2 idiots getting into some kind 
> of registration war.
> 
> However, for me there is another problem.  We are considering removing the 
> OUI check from the portal and using it as a general registration page for 
> devices that do not have a traditional browser. Devices like smart TVs, 
> BluRay players, etc. With this, our intrepid user Gary could, if he was 
> crafty enough, find MY MAC.  Now, as you can see, I am The Godfather of 
> Bandwidth.  My stations have unfettered access to the network (what can I 
> say, sometimes it's good to be me ... sometimes).  Gary in what he considers 
> to be a stroke of genius decides to re-register my MAC using the portal.  Now 
> my laptop is on the gaming vlan and my access is severely hampered.  In the 
> intervening 3 1/2 minutes it takes me to figure out the issue and fix it (and 
> blacklist Gary) Gary could have done the same to a dozen more people since I 
> have been forbidden from setting a limit on the number of devices a person 
> can have registered.
> 
> Anyway, there is my concern. Ideally, a simple check to make sure the device 
> is not already registered could solve all of this. And frustrate Garys 
> everywhere.
> 
> 
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton TX. 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
> HTTP://WWW.UMHB.EDU
> 
> -----Original Message-----
> From: Jason Frisvold [mailto:[email protected]] 
> Sent: Wednesday, August 14, 2013 2:34 PM
> To: [email protected]
> Subject: Re: [PacketFence-users] Potential Concern in Gaming Registration 
> Portal
> 
> Sallee, Stephen (Jake) wrote:
>> Hello!
>> 
>> The gaming portal does not do any checking to see if the device you 
>> give it is in a state that needs to be registered.
>> 
>> The net effect of this is that a user can effectively hijack another 
>> user's device.
> 
> Can you elaborate on this?  I'm not sure what you mean by "in a state that 
> needs registered" ..  Do you mean that someone can effectively hijack a MAC 
> address and re-register it as something else?
> 
>> Although ... I'm not sure what a user could gain from doing this ... but 
>> anyway , there it is.
>> 
>> Jake Sallee
> 
> 
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]
> ---------------------------
> 
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
> 
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead. 
> Download for free and get started troubleshooting in minutes. 
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 



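Added example, not part of the thread and not PacketFence code: a minimal Python model of the registration logic discussed above, with the OUI-only behaviour next to the "already registered" check proposed in the quoted message. The node table, the OUI value, and the names `register`, `normalize_mac` and `demo` are assumptions made for illustration.

```python
import re

GAMING_OUIS = {"7c:ed:8d"}  # constructed allow-list entry, for illustration only


class RegistrationError(Exception):
    """Raised when the portal refuses a registration request."""


def normalize_mac(raw):
    """Canonicalise separators and case so one device cannot appear under two spellings."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise RegistrationError("malformed MAC")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def register(nodes, raw_mac, user, oui_check=True, refuse_registered=True):
    """Register raw_mac to user in nodes (mac -> {"owner", "role"}).

    refuse_registered=False reproduces the behaviour described in the thread:
    whoever submits the form last becomes the owner and the role is reset.
    """
    mac = normalize_mac(raw_mac)
    if oui_check and mac[:8] not in GAMING_OUIS:
        raise RegistrationError("OUI not allowed on this portal")
    existing = nodes.get(mac)
    if refuse_registered and existing is not None:
        if existing["owner"] == user:
            return existing  # idempotent re-submit by the current owner
        raise RegistrationError("device already registered")
    nodes[mac] = {"owner": user, "role": "gaming"}
    return nodes[mac]


def demo():
    """Replay both scenarios from the thread on constructed data."""
    nodes = {"7c:ed:8d:00:00:01": {"owner": "bob", "role": "gaming"},
             "00:11:22:33:44:55": {"owner": "jake", "role": "admin"}}
    # Scenario 1: OUI-only portal, Gary submits Bob's Xbox MAC in another spelling.
    register(nodes, "7C-ED-8D-00-00-01", "gary", refuse_registered=False)
    hijacked_owner = nodes["7c:ed:8d:00:00:01"]["owner"]
    # Scenario 2: OUI check removed, but the registered-device check is on.
    try:
        register(nodes, "0011.2233.4455", "gary", oui_check=False)
        outcome = "overwritten"
    except RegistrationError as exc:
        outcome = str(exc)
    return hijacked_owner, outcome, nodes["00:11:22:33:44:55"]["role"]
```

Normalising the MAC before the lookup matters here: without it, the same device submitted with different separators or case would miss the existing record and slip past the ownership check.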