CaptivePortal gateways such as NoCatAuth are great ways for community networks to provision free wireless AccessPoints. However as a commercial authenticaion system they have some weaknesses. I won't elaborate too much here but since DNS is typically required in order to seemlessly capture the clients request you can do IP over DNS tunnels. -- AdamShand

Further if the gateway allows ICMP there are more problems:

There are of course fixes for all of these problems, the most obvious is don't allow ICMP traffic to pass until the cusomter is authenticated. For DNS it's a little harder but I'm sure someone can think of something :-)