Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Wired captive portal pen-test
From: "Mario Spinthiras" <mspinthiras () gmail com>
Date: Thu, 17 Jul 2008 10:08:29 +0300

I am not sure what kind of captive portal it was. I know for sure that
if the administrator limited the dns traffic or performed DPI
(cleverly) they could avoid NSTX bypasses. NSTX relies on dns queries
solely to be able to bypass CP. However by limiting the amount of DNS
queries per IP to a more "normal" threshold then NSTX would be
rendered useless.

As for DTP , yersinia seems to be able to handle DTP auditing just
fine. I have not found other tools capable of doing similar audits.


-- 
Warm Regards,
Mario A. Spinthiras
Blog: http://www.spinthiras.net
Mail: mspinthiras () gmail com
Skype: smario125

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]