Of course I fully understand they can be spoofed, and way too easily, too. Anyway that's not the point, why did it let a client access the captive portal, when there are static arp entries enabled, and that client (ip and mac) isn't defined in any of the arp entries? I have the arp table filled till ip 30, so how come someone can access it who isn't in there? Isn't the static arp entry definition that, which allows only clients in this list to make connections to the server?
> Ethereal and a network card that allows you to change macs .. Trivial. > Access to a network needs to be properly controlled (wired or wireless). > > Security needs to be designed in.. Physical access is never a deterant > for the truly motivated. > > -----Original Message----- > From: jonathan gonzalez [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 12, 2005 4:35 AM > To: support@pfsense.com > Subject: Re: [pfSense Support] captive portal - Is this possible? > > spoofed ip/arp ;) ?? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
