OPNsense Forum

English Forums => General Discussion => Topic started by: xaxero on November 28, 2018, 06:16:27 pm

Title: Captive Portal Hacked
Post by: xaxero on November 28, 2018, 06:16:27 pm: We had our captive portal hacked and some research showed duplicate IP/MACs

Doing some research it appears very simple to compromise layer 2 by doing an ARP scan and finding who is authenticated by spoofing the MAC and IP address and hijacking an authenticated session.

I downloaded a proof of concept script here : https://github.com/systematicat/hack-captive-portals

Worked after 3 tries.

Does OPNSense have any defense against this ?

Thanks

Jonathan
Title: Re: Captive Portal Hacked
Post by: franco on December 03, 2018, 09:19:29 am: Hi Jonathan,

For better or worse this is the norm since unrestricted network access means unrestricted access via any MAC or IP unless smarter components or SDN (software-defined networking) are used to counter such attempts.

From a firewall perspective that sits in front of your WAN but doesn't know the possibly vast setup of your internal networks, switches, WIFI bridges, etc. there's nothing to be done.

Cheers,
Franco

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy