| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Dec 2007 18:36:58 -0800 From: coderman <coderman@...il.com> To: gmaggro <gmaggro@...ers.com> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Captive Portal bypassing On Dec 11, 2007 9:27 AM, gmaggro <gmaggro@...ers.com> wrote: > ... what I dislike about some of these techniques... they lack a certain > potency. If they reliably achieve their goal they are slow; if they have > better throughput then reliability becomes an issue. order of preference: a. UDP 53 openvpn tunnel (no tcp over tcp issues like 443 below) b. TCP 443 openvpn tunnel (still works nicely on most links) c. ICMP transport (pingtunnel, etc - often filtered) d. DNS transport (ozymandns, etc) if you can't even get DNS or ping packets through, you're most likely fucked. as for wireless, i remember someone implementing a pingtunnel like tun/tap transport on top of a wifi card doing management / control frame injection directed at the tower / radio for payload broadcast to a second party that can receive the tower / high power radio transmission at a distant location. (some of these signals carry over many miles :) the throughput is incredibly low, and unfortunately, it seemed to fuck with the IBSS DIFS timeouts like crazy and just turned the network to shit. anyone remember the tool(s) that did this? best regards, _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists