Re: Wired captive portal pen-test

From: José M. Palazón Romero (josem.palazongmail.com)
Date: Tue Jul 15 2008 - 16:53:32 CDT


> I saw ARP requests coming from the router and asking for the MAC of
> several other IPs of the same segment where my laptop was connected (in
> my case, 192.168.9.x). I didn't catch any ARP responses...

You are not supposed to catch them. ARP requests ("Who is x.x.x.x? Tell
yy:yy:yy:yy:yy:yy") are broadcast, but replies ("x.x.x.x is
xx:xx:xx:xx:xx:xx") are not. The host with the IP will answer only to
the host that generated the query.

Besides that, I don't think they are filtering on the switches. Keep us
posted on your research.

About pentesting it, what are you interested in? If you want to escape
the captive portal and get Internet for free, you might want to try:

http://thomer.com/icmptx/

or

http://thomer.com/howtos/nstx.html

Or this other amazing thing I discovered some weeks ago:

http://samy.pl/chownat/

Palako
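
Added example, not part of the original message: the ARP request/reply asymmetry described above, shown by building and parsing both frames and modelling which of them a third host on a switched port receives. The MAC addresses, the 192.168.9.1 and 192.168.9.20 hosts, and the delivered_to() switch model are constructed assumptions.

```python
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_arp(op, eth_dst, sha, spa, tha, tpa):
    """Ethernet II header + IPv4-over-Ethernet ARP body (RFC 826 layout)."""
    eth = eth_dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp

def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    dst, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "op": OPCODES.get(op, f"unknown({op})"),
        "eth_dst": dst.hex(":"),
        "sender_ip": ".".join(map(str, frame[28:32])),
        "target_ip": ".".join(map(str, frame[38:42])),
        "broadcast": dst == BROADCAST,
    }

def delivered_to(frame, nic_mac):
    """Assumed model: switched port, learned MAC table, no port mirroring.
    A NIC gets broadcast frames and frames addressed to its own MAC."""
    return frame[0:6] in (BROADCAST, nic_mac)

# Constructed sample addresses (not from the original message).
ROUTER, HOST, LAPTOP = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:14"), mac("02:00:00:00:00:63")
ROUTER_IP, HOST_IP = bytes([192, 168, 9, 1]), bytes([192, 168, 9, 20])

# Router asks for HOST_IP (broadcast); HOST answers the router directly (unicast).
REQUEST = build_arp(1, BROADCAST, ROUTER, ROUTER_IP, b"\x00" * 6, HOST_IP)
REPLY = build_arp(2, ROUTER, HOST, HOST_IP, ROUTER, ROUTER_IP)

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY)):
        print(name, parse_arp(frame), "laptop sees it:", delivered_to(frame, LAPTOP))
```

The model leaves out gratuitous ARP, which hosts send as broadcast, and switch flooding of frames whose destination MAC has not yet been learned.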
