nanog mailing list archives
RE: Public Wireless access (ticket / token / schedule based)
From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Tue, 28 Dec 2010 11:18:45 -0500
-----Original Message----- From: Robert E. Seastrom [mailto:rs () seastrom com] Sent: Monday, December 27, 2010 11:51 PM To: Bill Lewis Cc: nanog () nanog org Subject: Re: Public Wireless access (ticket / token / schedule based) Is there some reason you can't run it wide open without even so much as a captive-portal-check-the-box thing? All of the commercial boxes I've seen for doing what you say you want to do have been Deeply Unsatisfactory in some way (Nomadix is at the top of the list here). If you lose the authentication altogether and just make sure that there is a bandwidth lid on per host overall usage plus more conservative limits for things like the usual torrent ports and of course blocking certain other ports entirely... you've just eliminated the administrative overhead of issuing credentials to your visitors and streamlined your entire process.
As Robert mentioned, all the current solutions are deeply unsatisfactory and full of holes. Most of the authentication based solutions simply whitelist the user based on their MAC address which is altogether easy to spoof (simply clone the MAC of an authenticated user and you are clear for takeoff)... Why incur the overhead of managing credentials with something that can so easily circumvented. Leave things wide open on a sandboxed subnet with the usual protections (rate limits, blocked ports), IMO is the easiest approach... Stefan Fouant
Current thread:
- Public Wireless access (ticket / token / schedule based) Bill Lewis (Dec 27)
- Re: Public Wireless access (ticket / token / schedule based) Robert E. Seastrom (Dec 27)
- Re: Public Wireless access (ticket / token / schedule based) Christopher Morrow (Dec 27)
- RE: Public Wireless access (ticket / token / schedule based) Stefan Fouant (Dec 28)
- Re: Public Wireless access (ticket / token / schedule based) Jeff Kell (Dec 28)
- Re: Public Wireless access (ticket / token / schedule based) james (Dec 28)
- RE: Public Wireless access (ticket / token / schedule based) Stefan Fouant (Dec 28)
- <Possible follow-ups>
- RE: Public Wireless access (ticket / token / schedule based) Martin Hotze (Dec 28)
- Re: Public Wireless access (ticket / token / schedule based) Robert E. Seastrom (Dec 27)