[OpenWireless Tech] Securing Open Wireless

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Thu Jul 28 21:16:31 PDT 2011


Hi!

On 15:27 Thu 28 Jul     , Christopher Byrd wrote:
> On Thu, Jul 28, 2011 at 2:49 PM, Michael Blizek
> <michi1 at michaelblizek.twilightparadox.com> wrote:
> >> That's part of it. Systems leak a lot of information before the VPN is
> >> established, and most of it is protocols other than HTTP.
> >
> > Then the VPN is broken and can be fixed. VPNs should not allow any traffic
> > bypassing. On my systems, when the VPN is down, data simply gets dropped.
> 
> Really? How do you log into the wireless hotspot captive portals then?

These portals will need to die at some point anyway. You have said yourself
what kind of cache poisoning attacks will become possible. Also these portals
are annoying and make some things hard or impossible - like mobile phones
transparently using them.

> How do you resolve the DNS name of your VPN gateway? How do you obtain
> an IP address via DHCP?

DHCP/DNS: Yes, this shows how deeply IP based VPNs need to be integrated into
the operating system. But it surely is possible. You could set up a simple
firewall which only lets the VPN client use the physical network. Linux has
this thing called policy routing which allows you to define multiple routing
tables.

	-Michi
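The "simple firewall which only lets the VPN client use the physical network" plus Linux policy routing, written out as an added example (not code from this thread or from either poster). It is a Linux script that generates an nftables ruleset and the `ip rule`/`ip route` commands for a dedicated routing table; it only prints them unless invoked with `apply`, so the rules can be reviewed first. Interface names (wlan0, tun0), the openvpn system user, the gateway 192.168.1.1, the VPN server 192.0.2.10 on UDP/1194 and the resolver 192.0.2.53 are all assumed, constructed values.

```sh
#!/bin/sh
# Added example: a "VPN kill switch" for Linux. On the physical interface only
# DHCP, DNS to one pinned resolver, and the VPN client's own traffic may leave;
# everything else must go through the tunnel interface or is dropped.
# All names and addresses below are constructed assumptions; override via env.
PHY_IF="${PHY_IF:-wlan0}"           # physical (wireless) interface
TUN_IF="${TUN_IF:-tun0}"            # VPN tunnel interface
VPN_USER="${VPN_USER:-openvpn}"     # system user the VPN client runs as
GATEWAY="${GATEWAY:-192.168.1.1}"   # next hop on the physical network
VPN_SERVER="${VPN_SERVER:-192.0.2.10}"
VPN_PORT="${VPN_PORT:-1194}"
RESOLVER="${RESOLVER:-192.0.2.53}"  # used only to resolve the VPN gateway name
TABLE_ID="${TABLE_ID:-100}"         # dedicated routing table for pre-VPN traffic

# Emit the nftables ruleset as text. Generating it separately from applying it
# lets an operator inspect exactly what will be loaded.
build_nft_ruleset() {
    cat <<EOF
table inet vpn_killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        # anything already inside the tunnel is fine
        oifname "$TUN_IF" accept
        # DHCP client -> server on the physical link
        oifname "$PHY_IF" udp sport 68 udp dport 67 accept
        # DNS only to the pinned resolver, needed for the gateway's name
        oifname "$PHY_IF" ip daddr $RESOLVER udp dport 53 accept
        oifname "$PHY_IF" ip daddr $RESOLVER tcp dport 53 accept
        # the VPN client process itself may talk to its server
        oifname "$PHY_IF" meta skuid "$VPN_USER" ip daddr $VPN_SERVER udp dport $VPN_PORT accept
        # everything else on the physical interface is counted and dropped
        oifname "$PHY_IF" counter drop
    }
}
EOF
}

# Emit the policy-routing commands: a second routing table reaches the VPN
# server and the resolver via the physical interface, selected by destination
# rules, while the main table's default route can point at the tunnel.
build_policy_routing_cmds() {
    cat <<EOF
ip rule add to $VPN_SERVER/32 lookup $TABLE_ID priority 100
ip rule add to $RESOLVER/32 lookup $TABLE_ID priority 101
ip route add $VPN_SERVER/32 via $GATEWAY dev $PHY_IF table $TABLE_ID
ip route add $RESOLVER/32 via $GATEWAY dev $PHY_IF table $TABLE_ID
EOF
}

# Default action is to print; "apply" loads the rules (needs root, nft, iproute2).
case "${1:-print}" in
    apply)
        build_nft_ruleset | nft -f -
        build_policy_routing_cmds | sh -e
        ;;
    print)
        build_nft_ruleset
        build_policy_routing_cmds
        ;;
esac
```

With this in place, the VPN client still comes up (DHCP, one resolver, the tunnel handshake), but a browser, mail client or update daemon started before the tunnel exists gets its packets dropped rather than sent in the clear, which is the "data simply gets dropped" behaviour described above. Captive portals, as the thread notes, will not work through it unless the portal's address is added to the allow list.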
