From black holes to wireless networking - Wireless ISPs and Hotspots, the RADIUS and How It Works. A journey through open source, from need to product.

1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Fromblackholesto
wirelessnetworking
Liran Tal
2013
daloRADIUS and cracking a hole in the hotspot

2. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
What’sahead…

3. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3
Topics
Wireless ISPs and Hotspots
RADIUS and How It Works
Open Source
A journey through open source, from need to product

4. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
TheStory

5. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
2006

6. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6
2006Twitter
UX Designer
Android
iPhone
Apps Store
Responsive Web
HTML5

7. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7
* Image source: capecoral.net
First REAL job at a Hi-Tech startup

8. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.8
Which Hi-Tech startup?

9. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
Why REAL startup?

10. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Why REAL startup?

11. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
Why REAL startup?

12. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom

13. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom
• Mail Server
• Networking

14. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom
* Image source: makeuseof.com
Wireless ISP

15. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom
* Image source: makeuseof.com

16. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
* Image source: makeuseof.com
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom

17. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17
* Image source: makeuseof.com
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom

18. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.18
* Image source: makeuseof.com
10Levels participated,
as an integrator,
for big WISP project
in Freetown, Sierra Leone
led by Netcom

19. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19
* Image source: arstechnica.com
Users report network issues

20. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20
* Image source: omnitechsupport.com
Local CTO calls Netcom (integrator)

21. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21
* Image source: findandconvert.com
Netcom contact person calls 10Levels

22. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22
* Image source: shutterstock.com
2 weeks later I’m in Sierra Leone
Doing network sniffing with
my best friend ethereal

23. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.23
* Image source: sean mendis
Freetown’s air port...

24. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.24
* Image source: sean mendis
Freetown’s air port...
and that’s after the upgrade

25. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.25
* Image source: sean mendis
Freetown’s air port...
From my camera

26. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.26
* Image source: www.screenhog.com

27. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.27
* Image source: www.screenhog.com
Company has an idea…

28. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.28
* Image source: www.screenhog.com
or actually…

29. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29
* Image source: www.screenhog.com
an IDEA!

30. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30
* Image source: http://www.ossramblings.com/
Let’s do WISP, on Linux

31. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31
* Image source: www.screenhog.com
How do you pull a WISP?

32. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32
* Image source: fibernova.com, http://img1.mlstatic.com/
Access Points and Backhaul
for infrastructure

33. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.33
* Image source: crn.com
Network equipment, routers, switches

34. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.34
* Image source: http://www.citrusdb.org/, http://www.freeside.biz/
You do want to make money, right?
Billing.

35. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.35
* Image source: www.screenhog.com
E-mail services

36. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.36
* Image source: www.screenhog.com
Remote access servers

37. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.37
* Image source: www.screenhog.com
Remote access servers
often referred to as
NAS – Network Access Server
or
RAS – Remote Access Server

38. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.38
* Image source: www.screenhog.com
The world’s most popular RADIUS server
Authentication

39. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.39
* Image source: www.screenhog.com
The world’s most popular RADIUS server
Authentication
RADIUS

40. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.40
* Image source: www.screenhog.com
Authentication

41. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.41
* Image source: www.screenhog.com
Not really
Authentication

42. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.42
RADIUS
Remote Access Dial-In User System

43. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.43
• Authentication – who is this user? Is that really him?
• Authorization – what is this user allowed to do?
• Accounting – what did the user do?
RADIUS
Remote Access Dial-In User System

44. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.44
* Image source: h3c.com
How does it work?

45. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.45
* Image source: exetel.com.au
Remember how to connect to your ISP?

46. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.46
* Image source: exetel.com.au
Remember how to connect to your ISP?

47. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.47
RADIUS attributes
apply a user policy

48. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.48
How do we manage users?

49. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.49
How do we manage users?
Provisioning

50. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.50
How do we manage users?
Provisioning
• Create users
• Configure user profiles
− Bandwidth limits
− Login times
− Account expiration
− Simultaneous Logins

51. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
daloRADIUS,
The rise of

52. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.52
2007

53. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.53
2007
web management platform for freeRADIUS deployments?

54. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.54
2007
dialup admin = bundles with
FreeRADIUS

55. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.55
2007
no other worthy open source project to tackle
this problem

56. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.56
2007
the endeavor begins

57. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.57
2007
the endeavor begins
let’s scratch that itch!

58. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.58
2007
hardest part of every new software project?

59. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.59
2007
choosing a name

60. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.60
2007
daloRADIUS

61. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.61
2007
daloRADIUS
what’s in a name?

62. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.62
2007
daloRADIUS
what’s in a name?
Daloya – my wife’s last name

63. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.63
2007
daloRADIUS
what’s in a name?
Daloya – my wife’s last name
Now she is famous!

64. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.64
2007
daloRADIUS
what’s in a name?
Daloya – my wife’s last name
Now she is famous!

65. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.65
daloRADIUS
“daloRADIUS is an advanced RADIUS web management
application aimed at managing hotspots and general-
purpose ISP deployments. It features user management,
graphical reporting, accounting, a billing engine and
integrates with GoogleMaps for geo-locating.”

66. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.66
daloRADIUS
every decent project needs a logo

67. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.67
daloRADIUS
every decent project needs a logo

68. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.68
daloRADIUS
my first major open source web venture

69. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.69
daloRADIUS
pioneer project
my first major open source web venture

70. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.70
daloRADIUS
pioneer project
my first major open source web venture
great adoption potential

71. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.71
daloRADIUS
pioneer project
my first major open source web venture
great adoption potential
amazing community feedback

72. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.72
mission #1
daloRADIUS

73. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.73
daloRADIUS
SourceForge project page

74. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.74
daloRADIUS
SourceForge project page
code hosting

75. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.75
daloRADIUS
SourceForge project page
code hosting
collaboration

76. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.76
daloRADIUS
open source yields some food-wise
benefits

77. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.77
daloRADIUS
I bet my friend I can hit
lower than 1000 ranking
on SourceForge

78. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.78
daloRADIUS

79. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.79
daloRADIUS
That reminds me!
@andel7 you still owe me a meal!

80. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.80
daloRADIUS
Back To The Future

81. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.81
daloRADIUS
Back To The Future

82. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.82
open source project analysis
daloRADIUS

83. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.83
daloRADIUS
•mostly written in PHP
•well established, mature codebase
•maintained by one developer
•decreasing Y-O-Y commits

84. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.84
daloRADIUS

85. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.85
105K
lines of code
•has had 2,061 commits
•made by 6 contributors
daloRADIUS

86. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.86
26
person years
based on COCOMO model
$1.4M
estimated cost
for $55k
average salary
daloRADIUS

87. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.87
daloRADIUS
more on project growth

88. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.88
daloRADIUS
more on project growth

89. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.89
> 150K
downloads
daloRADIUS

90. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.90
daloRADIUS
who is using it?

91. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.91
daloRADIUS
who is using it?
exotic people

92. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.92
daloRADIUS
who is using it?
exotic people
really

93. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.93
daloRADIUS
Papua New Guinea

94. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.94
daloRADIUS
Ecuador

95. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.95
daloRADIUS
Iceland

96. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.96
daloRADIUS
who is behind those downloads?

97. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.97
daloRADIUS
ISPs, Hotspots, Education…

98. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.98
daloRADIUS
ISPs, Hotspots, Education…
partial list:

99. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.99
daloRADIUS
ISPs, Hotspots and Education
SiPalto

100. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.100
daloRADIUS
ISPs, Hotspots and Education
* these companies have been on the mailing list at some point

101. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.101
daloRADIUS
I even published a user guide book

102. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.102
daloRADIUS

103. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.103
>100
copies sold
since December 2012
~250
pages
step by step instructions
daloRADIUS

104. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.104
daloRADIUS
none of this would have been possible without

105. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.105
daloRADIUS
none of this would have been possible without
an amazing community of users

106. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.106
daloRADIUS
none of this would have been possible without
an amazing community of users
an amazing community of developers

107. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.107
daloRADIUS

108. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.108
daloRADIUS
Evgeniy Kozhuhovskiy
introducing multi-lingual support

109. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.109
daloRADIUS
multi-lingual proves promising as project grows

110. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.110
daloRADIUS

111. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Hotspots
The origins of
“” - Yoda

112. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.112
* Image source: http://www.space.com/
From black holes to wireless networking

113. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.113
* Image source: http://www.space.com/
From black holes to wireless networking

114. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.114
* Image source: http://www.techweekeurope.co.uk/
John O’Sullivan, astronomer,
electrical engineer.

115. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.115
John O’Sullivan, astronomer,
electrical engineer.
• Australian mate
• Work in the area of radio waves and
Fourier transforms (eh?)
• Hunter of black holes, in hope of
improving his radio telescope
* Image source: http://www.techweekeurope.co.uk/

116. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.116
* Image source: http://rlab.lse.ac.uk/
Moving packets in the air since the ‘90s
Wireless Fidelity

117. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.117
802.11b (11Mbps)
* Image source: http://rlab.lse.ac.uk/
Moving packets in the air since the ‘90s
Wireless Fidelity
802.11g (54Mbps) 802.11n (120Mbps)

118. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.118
* Image source: http://www.techweekeurope.co.uk/
Hotspots = Wireless Access Points for Internet
connectivity

119. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.119
• Coffee shops
• Institutions
• Airports
* Image source: http://www.techweekeurope.co.uk/
Hotspots

120. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.120
• Redirect all HTTP traffic
to a web page
• User agrees to terms of
service or pay online for
Internet access
* Image source: www.screenhog.com
Captive Portals

121. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.121
• Doesn’t mean free
• Doesn’t mean secure
* Image source: http://www.techweekeurope.co.uk/
Hotspots

122. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
CaptivePortals
The gateway for Internet access

123. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.123
Not always free
• Airports
• Hotels
* Image source: www.screenhog.com
Captive Portals Internet access

124. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.124
Restricted access only to staff
* Image source: www.screenhog.com
Captive Portals Internet access

125. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.125
Need SSH access but only HTTP is allowed?
* Image source: www.screenhog.com
Captive Portals Internet access

126. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.126
Internet makes people happy
* Image source: www.screenhog.com
Captive Portals Internet access

127. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.127
* Image source: www.screenhog.com

128. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.128
* Image source: www.screenhog.com
“Happiness is
free wi-fi”

129. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.129
• VPNs
• ICMP traffic tunneling
• MAC piggy-back
* Image source: www.screenhog.com
Gaining Internet access through
Captive portals

130. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.130
• VPNs
• ICMP traffic tunneling
• MAC piggy-back
* Image source: www.screenhog.com
Most probably all of
these are not an option
Gaining Internet access through
Captive portals

131. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.131
* Image source: www.screenhog.com
Gaining Internet access through
Captive portals
that actually work

132. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.132
* Image source: www.screenhog.com
DNS
Gaining Internet access through
Captive portals
that actually work

133. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.133
* Image source: www.screenhog.com
DNS
Huh??
Gaining Internet access through
Captive portals
that actually work

134. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.134
* Image source: www.screenhog.com
DNS Tunneling
Gaining Internet access through
Captive portals
that actually work

135. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.135
* Image source: www.screenhog.com
• DNS is mandatory to resolve hostnames
• DNS is recursive -> delegate hostname resolution to a host you
control
Gaining Internet access through
Captive portals
that actually work

136. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.136
* Image source: wikibooks.com
Gaining Internet access through
Captive portals
that actually work

137. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.137
* Image source: www.screenhog.com
Gaining Internet access through
Captive portals
that actually work
• Payload must be base32/base64 encoded
• 512 bytes for each DNS packet
• DNS uses UDP so it requires further handling

138. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.138
* Image source: http://analogbit.com/
Gaining Internet access through
Captive portals

139. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.139
* Image source: www.screenhog.com
Gaining Internet access through
Captive portals
that actually work,
but not always
• DNS redirection will prevent DNS tunneling from working
• Firewalling DNS activity

140. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.140
* Image source: www.screenhog.com
Demo Time!

141. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Thankyou