Symbianize Forum
Most of our features and services are available only to members, so we encourage you to login or register a new account. Registration is free, fast and simple. You only need to provide a valid email. Being a member you'll gain access to all member forums and features, post a message to ask question or provide answer, and share or find resources related to mobile phones, tablets, computers, game consoles, and multimedia.
All that and more, so what are you waiting for, click the register button and join us now! Ito ang website na ginawa ng pinoy para sa pinoy!
Wifi Project! My Small ISP
- Thread starter avis21
- Start date
- Replies 350
- Views 60,210
- Messages
- 87
- Reaction score
- 0
- Points
- 26
- Thread Starter
- #43
Re: Wifi Project! My Small ISP 
negosyo!
thats why when you used POE, replace your adapter from 12v 800mA to 16v 1.2mA to prevent voltage drop.
negosyo!thats why when you used POE, replace your adapter from 12v 800mA to 16v 1.2mA to prevent voltage drop.
- Messages
- 87
- Reaction score
- 0
- Points
- 26
- Thread Starter
- #45
- Messages
- 180
- Reaction score
- 0
- Points
- 26
Re: Wifi Project! My Small ISP negosyo!
up ko lang tol...
negosyo!
ok bro, dun lang ako medyu nalito sa Captive portal monowall.
Anu ba tlaga dun gnagamit mu Captive portal? monowall? or pfsense? or packet fence?
Cenxa bro nalito lang tlaga, na try ko install mga yan pero medyu mahirap. Paki include lang sana procedures mu dito bro at kung anu OS gamit mu... thanks tol at gudluck sa business..
up ko lang tol...
- Messages
- 87
- Reaction score
- 0
- Points
- 26
- Thread Starter
- #47
Re: Wifi Project! My Small ISP negosyo!
sa ngaun bro MonoWall gamit q, mas maganda kc features ng monowall sa Captive portal eh, my voucher System na dn ska mas mababa ang system requirements e2 sample ng portal q. View attachment 38080
at e2 ung distance ng wifi q sa mga clients q.
View attachment 38081
Procedures:
1. download the ISO image
2. burn the ISO image onto a CD-R (or -RW)
FreeBSD (ATAPI recorder): burncd -s max -e data cdrom-xxx.iso fixate
Windows: use your favorite burning program (e.g. Nero) to record the ISO image (2048 bytes/sector, Mode-1)
3. take a USB flash drive (m0n0wall 1.3b only) and format it (with an MS-DOS/FAT file system!)
Windows: use Windows Explorer to format the drive (FAT32)
4. power up your PC, enter the BIOS and make sure that booting from CD-ROM is enabled
5. boot
6. wait for the console menu to appear, select 1. (assign network ports)
assign functions (LAN/WAN/OPT) to your interfaces
7. change the LAN IP address, or use the default (192.168.1.1; m0n0wall acts as a DHCP server by default)
8. access the webGUI (user: 'admin', default password: 'mono')
9. enable the captive portal on services tab and modify the html portal page.
10. DONE!
negosyo!up ko lang tol...
sa ngaun bro MonoWall gamit q, mas maganda kc features ng monowall sa Captive portal eh, my voucher System na dn ska mas mababa ang system requirements e2 sample ng portal q. View attachment 38080
at e2 ung distance ng wifi q sa mga clients q.
View attachment 38081
Procedures:
1. download the ISO image
2. burn the ISO image onto a CD-R (or -RW)
FreeBSD (ATAPI recorder): burncd -s max -e data cdrom-xxx.iso fixate
Windows: use your favorite burning program (e.g. Nero) to record the ISO image (2048 bytes/sector, Mode-1)
3. take a USB flash drive (m0n0wall 1.3b only) and format it (with an MS-DOS/FAT file system!)
Windows: use Windows Explorer to format the drive (FAT32)
4. power up your PC, enter the BIOS and make sure that booting from CD-ROM is enabled
5. boot
6. wait for the console menu to appear, select 1. (assign network ports)
assign functions (LAN/WAN/OPT) to your interfaces
7. change the LAN IP address, or use the default (192.168.1.1; m0n0wall acts as a DHCP server by default)
8. access the webGUI (user: 'admin', default password: 'mono')
9. enable the captive portal on services tab and modify the html portal page.
10. DONE!
Attachments
Last edited:
- Messages
- 180
- Reaction score
- 0
- Points
- 26
Re: Wifi Project! My Small ISP negosyo!
galing nman nyan..
anu gamit mu email tol, pa PM naman... di kita ma PM..
negosyo!galing nman nyan..
anu gamit mu email tol, pa PM naman... di kita ma PM..
- Messages
- 372
- Reaction score
- 2
- Points
- 28
Re: Wifi Project! My Small ISP negosyo!
galing nito ah... ts patutorial din kng panu gamitin ung monowall? ss na din po kng ok lang... salamat...
negosyo!galing nito ah... ts patutorial din kng panu gamitin ung monowall? ss na din po kng ok lang... salamat...
- Messages
- 3,626
- Reaction score
- 1
- Points
- 28
Re: Wifi Project! My Small ISP negosyo!
On the contrary, it is relatively easy to crack Captive Portals. Although cracking WPA/WPA2 and WEP networks are the more popular reasons to use BackTrack, hindi lang po ito ang gamit ng BackTrack. Kung tutuusin pang-beginner pa nga lang ang mga method na ito. Kahit i-Google lang ninyo makikita na ninyo ang basic steps kung paano ma-bypass ang Captive Portal. In fact, these "other applications" that can bypass Captive Portals are part of downloadable/installable applications from Ubuntu, kahit hindi na kayo mag-BackTrack.
Pero I don't think I will need to discuss the steps to do it. Hindi natin hangarin na sirain ang business ng kasama natin.
I'm just pointing out that Captive Portals seem to be very secure and well-protected, but only from a limited number of cracking methods (such as methods like aircrack-ng). However, may vulnerability siya na kayang-kayang i-exploit using the other methods/apps that are available in BackTrack. Kung ano man yun, hmmm...sorry hindi ko na lang sasabihin. Respect na lang natin, negosyo ito eh.
negosyo!baka malugi ka jan ts.... paano kung my gumagamit jan sa inyo ng linux bactrack na os???
kayang nyang butasin khit cisco na router.
info lng TS
pero TS... astig parin business mo
On the contrary, it is relatively easy to crack Captive Portals.
Although cracking WPA/WPA2 and WEP networks are the more popular reasons to use BackTrack, hindi lang po ito ang gamit ng BackTrack. Kung tutuusin pang-beginner pa nga lang ang mga method na ito. Kahit i-Google lang ninyo makikita na ninyo ang basic steps kung paano ma-bypass ang Captive Portal. In fact, these "other applications" that can bypass Captive Portals are part of downloadable/installable applications from Ubuntu, kahit hindi na kayo mag-BackTrack.Pero I don't think I will need to discuss the steps to do it. Hindi natin hangarin na sirain ang business ng kasama natin.
I'm just pointing out that Captive Portals seem to be very secure and well-protected, but only from a limited number of cracking methods (such as methods like aircrack-ng). However, may vulnerability siya na kayang-kayang i-exploit using the other methods/apps that are available in BackTrack. Kung ano man yun, hmmm...sorry hindi ko na lang sasabihin. Respect na lang natin, negosyo ito eh.
Last edited:
- Messages
- 180
- Reaction score
- 0
- Points
- 26
Re: Wifi Project! My Small ISP negosyo!
Simply lang sulotion jan,
1. block mu sa monowall yung MAC Address lng LAN Card nya.
2. Drop mu sa IP tables lahat ng packet ng IP Address nya.
Makita mu mn sa Captive Portal lahat ng MAC Address at IP Address ng mga nka connect sa Wifi mu.
Try using Packet Fence Captive Portal.
Kung may vulnirabilities pa jan post nyu dito.
negosyo!On the contrary, it is relatively easy to crack Captive Portals.
Pero I don't think I will need to discuss the steps to do it. Hindi natin hangarin na sirain ang business ng kasama natin.
Simply lang sulotion jan,
1. block mu sa monowall yung MAC Address lng LAN Card nya.
2. Drop mu sa IP tables lahat ng packet ng IP Address nya.
Makita mu mn sa Captive Portal lahat ng MAC Address at IP Address ng mga nka connect sa Wifi mu.
Try using Packet Fence Captive Portal.
Kung may vulnirabilities pa jan post nyu dito.
- Messages
- 3,626
- Reaction score
- 1
- Points
- 28
Re: Wifi Project! My Small ISP negosyo!
Hi Friend,
That will work only if the attacker will not spoof his/her MAC Address to that of a "known" or "recognized" or "allowed" (client) MAC Address by the host. Essentially speaking, the method you describe only blocks "unkown" or "unwelcomed" MAC Addresses...even basic home routers have that function (MAC Filtering to allow only certain MAC Addresses so that those MAC Addresses that are not part of the list will not be able to connect or will be blocked). In short, that setup protects against direct cracking, but not "indirect" hacking/cracking methods like using Social Engineering or MITM. Kung paano ginagawa ito, I would not rather say...like I said respect na lang sa business niya.
Anyway I'm not pointing out that we will hack the Thread Starter's connection...just pointing out the vulnerability in his setup so that he can beef up his protection. He mentioned na Open ang network niya, ang tanging protection lang na meron siya (based on what he said) is the Captive Portal which can be bypassed. In that case, parang kagaya (parang lang) ng current vulnerability ng cellular networks natin dito sa Pilipinas like Globe and Smart. They allow you to connect but not browse if your load is zero. You will be redirected instead to a page that tells you that you have to reload. Which, in the case of these cellular networks, it is bypassed using proxies and VPNs. Not to say that doing VPN to a Captive Portal will do the trick ha, just an analogy.
At the end of it all, possible ma-hack yan but then again, hindi naman common knowledge ang hacking and considering yung location ng Thread Starter natin (he posted a screenshot of his location in the previous pages), I don't think may mga taong may interest sa pag-hack. So in end-users' terms puwede na rin ang protection niya.
negosyo!Simply lang sulotion jan,
1. block mu sa monowall yung MAC Address lng LAN Card nya.
2. Drop mu sa IP tables lahat ng packet ng IP Address nya.
Makita mu mn sa Captive Portal lahat ng MAC Address at IP Address ng mga nka connect sa Wifi mu.
Try using Packet Fence Captive Portal.
Kung may vulnirabilities pa jan post nyu dito.
Hi Friend,
That will work only if the attacker will not spoof his/her MAC Address to that of a "known" or "recognized" or "allowed" (client) MAC Address by the host. Essentially speaking, the method you describe only blocks "unkown" or "unwelcomed" MAC Addresses...even basic home routers have that function (MAC Filtering to allow only certain MAC Addresses so that those MAC Addresses that are not part of the list will not be able to connect or will be blocked). In short, that setup protects against direct cracking, but not "indirect" hacking/cracking methods like using Social Engineering or MITM. Kung paano ginagawa ito, I would not rather say...like I said respect na lang sa business niya.
Anyway I'm not pointing out that we will hack the Thread Starter's connection...just pointing out the vulnerability in his setup so that he can beef up his protection. He mentioned na Open ang network niya, ang tanging protection lang na meron siya (based on what he said) is the Captive Portal which can be bypassed. In that case, parang kagaya (parang lang) ng current vulnerability ng cellular networks natin dito sa Pilipinas like Globe and Smart. They allow you to connect but not browse if your load is zero. You will be redirected instead to a page that tells you that you have to reload. Which, in the case of these cellular networks, it is bypassed using proxies and VPNs. Not to say that doing VPN to a Captive Portal will do the trick ha, just an analogy.
At the end of it all, possible ma-hack yan but then again, hindi naman common knowledge ang hacking and considering yung location ng Thread Starter natin (he posted a screenshot of his location in the previous pages), I don't think may mga taong may interest sa pag-hack. So in end-users' terms puwede na rin ang protection niya.
Last edited:
- Messages
- 180
- Reaction score
- 0
- Points
- 26
Re: Wifi Project! My Small ISP negosyo!
Lets take option #2:
IP Tables Firewall config is
Then allow only your clients IP address.
Another is --> DROP ALL Subnets ng attacker sa IP Tables.
negosyo!Lets take option #2:
IP Tables Firewall config is
Code:
DROP ALL PACKETS BY DEFAULTThen allow only your clients IP address.
Another is --> DROP ALL Subnets ng attacker sa IP Tables.
- Messages
- 3,626
- Reaction score
- 1
- Points
- 28
Re: Wifi Project! My Small ISP negosyo!
Correct but again, if the attacker spoofs his own MAC Address to that of an already-recognized (client/guest) MAC Address, then the host will think that the attacker is not the attacker but instead, part of his customers (those with MAC Addresses that belong to his "allowed" group). In other words, if two machines have the same MAC Addresses (e.g. carbon-copy), the host can't determine which is "original" and which is "fake". Yes we do know that no two machines will ever have the same MAC Address (MAC Address is like a unique fingerprint of each device), hence MAC spoofing. The 2 methods you have described will work if the host knows that a certain MAC Address is "not welcome"...in essence the counter-attack you suggested is targeted to a MAC Address that the host knows that is "not welcome".
He could probably change his network from "Open" to "Closed" via WPA/WPA2 (which can't be since he wants to set up a Captive Portal)...however he is using it for business...what if one of his customers has more than one machine? The customer may complain that he already paid but can't connect his other machine (probably because of MAC filtration procedures already mentioned)....unless his business policy would be for the customer to pay one subscription per machine.
Again, both methods only protect the host itself from direct attacks. Also, both methods described assume that you are able to correctly identify the attacker. Otherwise you may end up blocking even the legitimate client/guest/customer. On the other hand, both methods you described is good protection only if you are planning to protect a network that is for personal use (e.g. you know exactly which machines/devices are allowed to connect) and not for business use.
negosyo!Lets take option #2:
IP Tables Firewall config is
Then allow only your clients IP address.Code:DROP ALL PACKETS BY DEFAULT
Another is --> DROP ALL Subnets ng attacker sa IP Tables.
Correct but again, if the attacker spoofs his own MAC Address to that of an already-recognized (client/guest) MAC Address, then the host will think that the attacker is not the attacker but instead, part of his customers (those with MAC Addresses that belong to his "allowed" group). In other words, if two machines have the same MAC Addresses (e.g. carbon-copy), the host can't determine which is "original" and which is "fake". Yes we do know that no two machines will ever have the same MAC Address (MAC Address is like a unique fingerprint of each device), hence MAC spoofing. The 2 methods you have described will work if the host knows that a certain MAC Address is "not welcome"...in essence the counter-attack you suggested is targeted to a MAC Address that the host knows that is "not welcome".
He could probably change his network from "Open" to "Closed" via WPA/WPA2 (which can't be since he wants to set up a Captive Portal)...however he is using it for business...what if one of his customers has more than one machine? The customer may complain that he already paid but can't connect his other machine (probably because of MAC filtration procedures already mentioned)....unless his business policy would be for the customer to pay one subscription per machine.
Again, both methods only protect the host itself from direct attacks. Also, both methods described assume that you are able to correctly identify the attacker. Otherwise you may end up blocking even the legitimate client/guest/customer. On the other hand, both methods you described is good protection only if you are planning to protect a network that is for personal use (e.g. you know exactly which machines/devices are allowed to connect) and not for business use.
Last edited:
- Messages
- 180
- Reaction score
- 0
- Points
- 26
Re: Wifi Project! My Small ISP negosyo!
Nice!
MAC spoofing would work but how about blocking your IP address from firewall? or how can you access if your IP is totally blocked including all your subnets?
Changing IP takes more time than blocking from IP Tables firewall.
negosyo!Correct but again, if the attacker spoofs his own MAC Address to that of an already-recognized (client/guest) MAC Address, then the host will think that the attacker is not the attacker but instead, part of his customers (those with MAC Addresses that belong to his "allowed" group). In other words, if two machines have the same MAC Addresses (e.g. carbon-copy), the host can't determine which is "original" and which is "fake". Yes we do know that no two machines will ever have the same MAC Address (MAC Address is like a unique fingerprint of each device), hence MAC spoofing. The 2 methods you have described will work if the host knows that a certain MAC Address is "not welcome"...in essence the counter-attack you suggested is targeted to a MAC Address that the host knows that is "not welcome".
He could probably change his network from "Open" to "Closed" via WPA/WPA2 (which can't be since he wants to set up a Captive Portal)...however he is using it for business...what if one of his customers has more than one machine? The customer may complain that he already paid but can't connect his other machine (probably because of MAC filtration procedures already mentioned)....unless his business policy would be for the customer to pay one subscription per machine.
Again, both methods only protect the host itself from direct attacks. Also, both methods described assume that you are able to correctly identify the attacker. Otherwise you may end up blocking even the legitimate client/guest/customer. On the other hand, both methods you described is good protection only if you are planning to protect a network that is for personal use (e.g. you know exactly which machines/devices are allowed to connect) and not for business use.
Nice!
MAC spoofing would work but how about blocking your IP address from firewall? or how can you access if your IP is totally blocked including all your subnets?
Changing IP takes more time than blocking from IP Tables firewall.
- Messages
- 3,626
- Reaction score
- 1
- Points
- 28
Re: Wifi Project! My Small ISP negosyo!
Correct...that is indeed a problem for the attacker if it's a direct attack to the host only. It's a bit difficult for me to explain what I'm getting at (I would have to reveal the hacking methodology if I need to explain it). Again, that method assumes that you are able to identify the attacker.
Anyway as I have mentioned in my previous posts, my intention is not to hack the Thread Starter's setup...he lives far from my place, and I have my own Internet connection. Though there are vulnerabilities in his setup, I guess puwede na rin yun since hacking is not common knowledge.
negosyo!Nice!
MAC spoofing would work but how about blocking your IP address from firewall? or how can you access if your IP is totally blocked including all your subnets?
Changing IP takes more time than blocking from IP Tables firewall.
Correct...that is indeed a problem for the attacker if it's a direct attack to the host only.
It's a bit difficult for me to explain what I'm getting at (I would have to reveal the hacking methodology if I need to explain it). Again, that method assumes that you are able to identify the attacker.Anyway as I have mentioned in my previous posts, my intention is not to hack the Thread Starter's setup...he lives far from my place, and I have my own Internet connection. Though there are vulnerabilities in his setup, I guess puwede na rin yun since hacking is not common knowledge.
Last edited:
Similar threads
