Home page logo

pen-test logo Penetration Testing mailing list archives

Wired captive portal pen-test
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Mon, 14 Jul 2008 17:41:35 +0200


I'm looking for information about pen-testing a captive portal commonly used in hotels. At least here in Spain I've seen that Quadriga (quadriga.com) commercial solution is commonly used. If I attach a laptop to the RJ45 of the room (with Quadriga), I receive an IP by DHCP. I can also ping the gateway. But I cannot see other IPs. I suspect they're using some kind of L2 filtering (to disable ARP-requests except to the gateway), perhaps I'm wrong, though. If I start a browser I'm redirected to a captive portal where I can see my room number in one of the parameters, so (I think) they are identifying my room by the switch port (I cannot figure other alternative since my laptop/MAC is not pre-registered so it's unknown to them).

Any information about these systems and how to pen-test them? Do you know which kind of security meassures does Quadriga apply in particular or more technical specs about this kind of systems? Do they use some special network hardware (hardened switch, etc)? Or are they deployed using common hardware (Cisco, etc)? Any manuals, tech specs, etc?

Thanks in advance for your responses and have a nice day.

This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]