SearchSearch   ProfileProfile   Log inLog in   RegisterRegister 

FirstSpot Security Breach

 
Post new topic   Reply to topic    FirstSpot Forum Index -> Pre-sales Support Forum
View previous topic :: View next topic  
Author Message
ron
Guest





PostPosted: Thu Sep 22, 2005 11:10 pm    
Post subject: FirstSpot Security Breach

Hello, I discovered a major problem today. I am using a Cisco 1200 Access Point connected to FirstSpot Server. If a Customer uses a DLink Range extender DWL710 and then logs into firstspot, anyone else that can see the signal from the range extender can get online for free without having to log in to firstspot. Also i can not see the ip of the user that is logged in with a valid account through the range extender.

Any Ideas on how to plug this hole?
Back to top
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Fri Sep 23, 2005 4:35 am    
Post subject:

Did you turn on NAT in your Dlink? Note that FirstSpot recognizes client PC by MAC, and turning on NAT in your AP/router will make all client PCs attached to that AP/router looks like 1 machine.

Instead, you need to make your Dlink acts as a bridge instead of a router. Just make sure the WAN port is not used in your Dlink.
_________________
~ Patronsoft Limited ~
Back to top
carmine



Joined: 14 May 2005
Posts: 5
Location: Canada

PostPosted: Fri Sep 23, 2005 11:54 am    
Post subject: Re: breach

Hello, yes what you say would work if i was using an acccess point but this is a range extender / reapeter from dlink dwl710 and it does not have any ports on it, all it does id do a site survey and find wireless signal. you then pick the signal and it will re broadcast your signal stonger.

i think whats going on is that firstspot is seeing the mac address of the dlink device and then when the first person connects, fistspot allows them to surf buy attaching that user name to the repeters mac address, then when someone else connects to the repeater the repeter sends all there requests out using the repeters mac address thats authenticated. FirstSpot can not tell that there are diffrent machines on the other end.

this link shows you the options to set in the dlink but as far as i can see there is nothing we can set to fix this

http://support.dlink.com/emulators/dwlg710/

we are running a registerd copy, and this is a groing problem by the day.
we are now aware of at least two units connect to our system and we cant figur out how may users are sneeking in because we only see the repeter mac address in firstspot.

We also have a call into Dlink tech support about this.
Back to top
hans
Forum facilitator


Joined: 14 May 2004
Posts: 63

PostPosted: Mon Sep 26, 2005 10:25 am    
Post subject:

I think you need to sniff the packet from the extender by ethereal.

It is because FirstSpot determine ip/mac to identify client packets.

Please post the sniff result or email us.
_________________
~ Patronsoft Limited ~
Back to top
Display posts from previous:   
Post new topic   Reply to topic    FirstSpot Forum Index -> Pre-sales Support Forum All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group