CaptivePortal gateways such as NoCatAuth are great ways for community networks to provision free wireless AccessPoints.  However as a commercial authenticaion system they have some weaknesses.  I won't elaborate too much here but since DNS is typically required in order to seemlessly capture the clients request you can do IP over DNS tunnels. -- AdamShand

 * http://slashdot.org/articles/00/09/10/2230242.shtml
 * http://nstx.dereference.de

Further if the gateway allows ICMP there are more problems:

 * http://peter.eluks.com/code/Unix/C/ICMP-Shell/

There are of course fixes for all of these problems, the most obvious is don't allow ICMP traffic to pass until the cusomter is authenticated.  For DNS it's a little harder but I'm sure someone can think of something :-)

Two common ideas like only authorise DNS to the knowned DNS servers served by the DHCP or installing a local caching only nameserver both won't work, because these DNS-servers will happily forward the DNS-requests to the target nameserver

----
[CategoryDocumentation]