sean finney on 9 Apr 2004 00:05:03 -0000
On Thu, Apr 08, 2004 at 07:23:48PM -0400, Jeff Abrahamson wrote:
> > My question is: how does that work? How do they do that? Is there a
> > way to defeat it?
>
> I have not found an adequate answer for him. Anyone know how this
> works? His interest concerns switching to a low-cost DSL provider
> that he is afraid may do such things. (He could ask, of course, and
> he may agree in his contract with them not to subvert it. But that's
> a different issue than how it's done.)

generally, there are two ways i know of folks doing this.

1) stub dns servers. basically, you pool clients into two categories
(based on mac addresses typically). the dhcp server gives the known
clients the standard network configuration, and gives the unknown
clients the same info except for the dns server, which is a different
machine (or bind view for the bind9 servers) that resolves all ns
queries to a single address. so no matter where you go, you get their
page and have to register/pay/authenticate/whatever. of course, for
the l33t h4x0rz this is easy to circumvent.

2) ip routing and a forced proxy. a little harder to get around, they
have funky arp or nat rules set up to rewrite packets and redirect them
to their web server, unless you're going through their authenticated
proxy.

there's probably more that i don't know about. if you're familiar with
a few network tools like ettercap/tcpdump/nmap/queso/nc you can usually
get an idea of what's going on.

sean

Attachment: signature.asc
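One way to recognise the stub DNS setup described in (1), as an added example that is not part of the original post: look up a few unrelated names plus a random name that should not exist, and check whether every answer collapses to one address. The function names, sample hostnames and addresses below are constructed for illustration.

```python
import secrets
import socket

def canary_name(suffix="example.com"):
    """Random label that should not exist: an honest resolver returns no address."""
    return f"{secrets.token_hex(8)}.{suffix}"

def lookup(name):
    """Ask the system (DHCP-assigned) resolver; an empty set means no answer."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def classify(answers, canary):
    """answers maps name -> set of IPv4 strings seen through the resolver under test.

    'stub'    : the canary resolved and every name shares that one address
    'suspect' : the canary resolved, or all real names share one address
    'normal'  : neither
    """
    canary_ips = answers.get(canary, set())
    real = [ips for name, ips in answers.items() if name != canary and ips]
    shared = set.intersection(*real) if len(real) >= 2 else set()
    collapsed = len(shared) == 1 and all(ips == shared for ips in real)
    if canary_ips and collapsed and canary_ips == shared:
        return ("stub", next(iter(shared)))
    if canary_ips:
        return ("suspect", sorted(canary_ips)[0])
    if collapsed:
        return ("suspect", next(iter(shared)))
    return ("normal", None)

# Constructed sample answers (not captured traffic); addresses are placeholders.
CANARY = "3f9c2a7e1b5d4c60.example.com"
UNKNOWN_CLIENT = {
    "www.example.com": {"10.0.0.5"},
    "mail.example.org": {"10.0.0.5"},
    CANARY: {"10.0.0.5"},
}
KNOWN_CLIENT = {
    "www.example.com": {"192.0.2.10"},
    "mail.example.org": {"198.51.100.7"},
    CANARY: set(),
}

if __name__ == "__main__":
    print(classify(UNKNOWN_CLIENT, CANARY), classify(KNOWN_CLIENT, CANARY))
```

On a live network, build `answers` with `lookup()` over a handful of unrelated names plus `canary_name()` and pass the result to `classify()`.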