NMAP INTERFACE VLAN -> WITH CAPTIVE PORTAL
-
Huh
I'm running some tests and don't know what is wrong … maybe rules, I do not know ... I have one interface with 10 VLANs.
ALL interfaces with CAPTIVE PORTAL "VOUCHER"
The test !!!!!
WITH CAPTIVE-PORTAL
My ip 172.16.3.10
NMAP -T4 -A -v -Pn 172.16.2.0/24
there is a rule that blocks any any any any
But....
172.16.2.0 "n" all IPs send SYN/ACK to "n" ports.
WITHOUT CAPTIVE-PORTAL
NMAP -T4 -A -v -Pn 172.16.2.0/24
NO SYN/ACK
HAS SOMEONE ALREADY MADE THIS TEST? COULD YOU HELP ME?
Thanks
-
:( NOBODY ????????
Please….
Thanks.
-
You haven't provided enough information to do anything but guess as to what might be happening.
Though if you are scanning from a host behind the portal, and you haven't signed onto the portal yet, you may be hitting the redirect rule and getting unexpected results.
-
I think this is it. I wish this did not happen. What do I do?
Thank you.
-
If you authenticate via the portal before trying to access anything, it should flow freely. However, if you really must run network scans, it's best to run them from a place that has as little filtering as possible, because of just this reason: you never know if you are really seeing the results of scanning the remote host, or if it's being filtered/altered somewhere in between.
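One way to check scan output for the effect described above, as an added example that is not part of the original thread: when an unauthenticated client scans through a captive portal, the portal's redirect answers for every destination, so many hosts show one identical set of open ports. The sample data, function names and thresholds below are assumptions made for illustration; the input is nmap's grepable (-oG) format.

```python
import re
from collections import Counter

# Matches only open TCP entries in a grepable "Ports:" field.
PORT_RE = re.compile(r"(\d+)/open/tcp/")

# Constructed sample: every host "answers" on the same ports (portal redirect).
PORTAL_SCAN = "\n".join(
    f"Host: 172.16.2.{i} ()\tPorts: "
    + ", ".join(f"{p}/open/tcp//svc///" for p in (21, 22, 80, 443, 3389))
    for i in range(1, 5)
)

# Constructed sample: an unfiltered scan, where hosts differ from each other.
CLEAN_SCAN = (
    "Host: 172.16.2.1 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n"
    "Host: 172.16.2.2 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 172.16.2.3 ()\tPorts: 445/open/tcp//microsoft-ds///, "
    "3389/filtered/tcp//ms-wbt-server///\n"
)


def open_ports_by_host(grepable):
    """Map each scanned IP to the frozenset of TCP ports reported open."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and "Status:" lines
        ip = line.split()[1]
        ports = line.split("Ports:", 1)[1]
        hosts[ip] = frozenset(int(p) for p in PORT_RE.findall(ports))
    return hosts


def interception_suspects(hosts, min_hosts=3, min_ports=4, share=0.8):
    """Return (ports, ips) if most hosts share one identical open-port set.

    Identical results across unrelated hosts suggest a device in the path
    (such as a portal redirect) is answering, not the hosts themselves.
    Thresholds are illustrative assumptions, not tuned values.
    """
    if not hosts:
        return None
    ports, count = Counter(hosts.values()).most_common(1)[0]
    if count >= min_hosts and len(ports) >= min_ports and count / len(hosts) >= share:
        return sorted(ports), sorted(ip for ip, p in hosts.items() if p == ports)
    return None


if __name__ == "__main__":
    print(interception_suspects(open_ports_by_host(PORTAL_SCAN)))
    print(interception_suspects(open_ports_by_host(CLEAN_SCAN)))
```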
-
Understood.
Let's say a user's machine starts to bombard the pfSense with these SYN / SYNACK.
I'm afraid that might cause a DoS.
This is my concern. Thanks, JIMP
-
You can prevent this with firewall rules.
Specifying the rate at which connections can be created.
-
Ermal…...
I created a rule that prohibits all but the captive configured on the interface.
It seems that when the captive portal is enabled on the interface, the firewall
rules are not respected; after the user authenticates to the captive portal, the rules are then followed.
What I think should happen is nmap spotting just TCP port 8000
for authentication, nothing more. Thank you very much