Friday, April 06, 2007

Hotel Wireless IDS (Oppsie!)

I was recently out in Las Vegas for some compliance training. After a long night of honing my Blackjack skills, I returned to the hotel to catch up on e-mail. The hotel had free wireless, and since 24 hours had expired from when I initially connected, I was redirected to the captive web portal to agree to terms of service, see their marketing stuff, etc. Well, when I clicked accept, I noticed that the captive portal was utilizing a series of CGI scripts to authorize clients. Definitely piqued my interest.

So, first step in any good "investigation" is to do some fingerprinting. I fired up nmap -sT -A to identify listening services and make an OS guess. Being the impatient person that I am, I also fired up nikto in parallel. But of course, that wasn't enough to immediately satisfy my curiosity, so I started conduction some web tests by hand. And then something happened that I completely did not expect. I got this web message:


Has anyone else experienced something like this before? The interesting thing is the URL. I wonder if I sniffed the IP / MAC address combinations off my local segment and did HTTP POST's to that URL if I could blacklist everybody else.

Labels: ,


Anonymous Alex said...

So how was the certified compliance training?

Anything especially groundbreaking there?

I've never seen the oppsie.png. That's pretty cool. But I wonder if reducing you to 56k for 10 minutes is really going to prevent "network intrusion"?

It's also really funny that they told you they caught you. What's the purpose there, deterrence? h

Wednesday, April 11, 2007 12:42:00 PM  

Post a Comment

Links to this post:

Create a Link

<< Home