We may very well have bugs lurking here. Need someone that knows FreeBSD internals to verify that the arp table is setup correctly, etc.
On 11/14/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote: > Of course I fully understand they can be spoofed, and way too easily, too. > Anyway that's not the point, why did it let a client access the > captive portal, when there are static arp entries enabled, and that > client (ip and mac) isn't defined in any of the arp entries? > I have the arp table filled till ip 30, so how come someone can access > it who isn't in there? Isn't the static arp entry definition that, > which allows only clients in this list to make connections to the > server? > > > Ethereal and a network card that allows you to change macs .. Trivial. > > Access to a network needs to be properly controlled (wired or wireless). > > > > Security needs to be designed in.. Physical access is never a deterant > > for the truly motivated. > > > > -----Original Message----- > > From: jonathan gonzalez [mailto:[EMAIL PROTECTED] > > Sent: Saturday, November 12, 2005 4:35 AM > > To: [email protected] > > Subject: Re: [pfSense Support] captive portal - Is this possible? > > > > spoofed ip/arp ;) ?? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
