NMAP INTERFACE VLAN -> WITH CAPTIVE PORTAL



  • Huh
    I'm running some tests and don't know what this wrong … maybe rules, do not know ...

    I have one interface with 10 vlans.

    ALL intefaces with CAPTIVE PORTAL "VOUCHER"

    The test !!!!!

    WITH CAPTIVE-PORTAL

    My ip 172.16.3.10

    NMAP -T4 -A -v -Pn  172.16.2.0/24

    there is a rule that blocks any  any  any  any

    But....

    172.16.2.0 "n"  all IP´S  send SYN/ACK to "n" ports.

    WITHOUT  CAPTIVE-PORTAL

    NMAP -T4 -A -v -Pn  172.16.2.0/24

    NO SYN/ACK

    SOMEONE ALREADY MADE THIS TEST? COULD HELP ME.

    Thanks



  • :(            NOBODY ????????

    Please….

    Thanks.


  • Rebel Alliance Developer Netgate

    You haven't provided enough information to do anything but guess as what might be happening.

    Though if you are scanning from a host behind the portal, and you haven't signed onto the portal yet, you may be hitting the redirect rule and getting unexpected results.



  • I think this is it. I wish this did not happen. What do I do?
    Thank you.


  • Rebel Alliance Developer Netgate

    If you authenticate via the portal before trying to access anything, it should flow freely. However, if you really must run network scans, it's best to run them from a place that has as little filtering as possible, because of just this reason: you never know if you are really seeing the results of scanning the remote host, or if it's being filtered/altered somewhere in between.



  • understood.
    Let's say a machine starts a User bombard the pfsense with these SYN / SYNACK.
    I'm afraid that might cause a DOS.
    This is my concern.

    thank JIMP



  • You can prevent this with firewall rules.
    Specifying the rate connections can be created.



  • Ermal…...

    I created a rule that prohibits all but the captive configured on the interface.
    It seems that when the captive-enabled interface, they do not respect the firewall
    rules, after the user authenticates to the captive rules are then followed.
    Something that I think should happen is just spotting nmap tcp port 8000
    for authentication, nothing more.

    Thank you very much


Log in to reply