[Cerowrt-devel] Suggestions/advice for captive portal on gw00/gw10?
dpreed at reed.com
dpreed at reed.com
Thu Apr 9 12:37:04 EDT 2015
DOn't want to get entangled in the political debate, but just a thought:
If you track what MAC addrs use what upstream capacity, you could have data on which to judge who is pushing your usage over any caps you happen to have.
Having some data (not general fears or propaganda generated by those who want to tell you to be very afraid so you buy their gear or their arguments) always helps.
And if you like, you could do something that doesn't involve all the protocol violations that a captive portal usually involves (redirecting DNS, ... and putting MITM attacks on https: connections, ...), e.g. restrict any unknown users to 28 Kb/sec of your upstream, for example, as a way to be non-disruptive. People won't get netflix or youtube over 28 kb/sec in any useful way.
Security is often just a matter of making it easier to steal from your neighbor, rather than installing an automatic gun to shoot anyone who trespasses.
On Wednesday, April 8, 2015 5:34pm, "Dave Taht" <dave.taht at gmail.com> said:
> On Wed, Apr 8, 2015 at 2:14 PM, <Valdis.Kletnieks at vt.edu> wrote:
>> On Wed, 08 Apr 2015 16:40:10 -0400, leetminiwheat said:
>>> Sorry again, I found connlimit in iptables-mod-conntrack-extra. I'll
>>> investigate further about a simple portal and not make it too intrusive,
>>> just more of a warning that they're not on their (faster) home WiFi.
>> It's 74F and sunny outside, it's one of the more scenic areas in southwest
>> Virginia, I have a Jaguar with an almost full tank of gas in the parking lot,
>> and I'm stuck in this cubicle for a bit longer. So the snark is running high
>> at the moment.
>> And add an exception list for device MAC addresses you recognize....
>> That should do the trick. :)
> While amusing, that was not my point.
> My overall point is that not sharing wifi spectrum sanely, and the
> resulting interference is hurting everyone.
> There is no "theft" of internet access you are not using.
> (Admittedly there are (today) increasing amounts of usage caps from
> the ISP, which I do not like either.)
> Dave Täht
> We CAN make better hardware, ourselves, beat bufferbloat, and take
> back control of the edge of the internet! If we work together, on
> making it:
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
More information about the Cerowrt-devel