Captive Portal Hacking Defence

Feb 23, 2020 07:27 AM

Hello,

As i understand, there are many ways to bypass captive portal so that an attacker can access internet even without entering credentials like facebook login or SMS OTP. I was drag to support an existing group in my company and one of our clients sends us an inquiry on how to prevent someone from bypassing captive portal. They mentioned that they run .sh script in kali to achieve this. I have few questions..

Does captive portal register mac address instead of IP to permit public hosts to connect and have internet?

How can we prevent this type of attack?Can it be done in Access point level?

Does Increasing from WPA2 to WPA3 will prevent this? Or WPA encryption happens after the user/host already permitted to access internet and start browsing internet already..

thanks in advance..

Related Articles

637263493835297420.jpg

How to Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks)

636455706472146367.jpg

How to Hide DDE-Based Attacks in MS Word

Comments

No Comments Exist

Be the first, drop a comment!