Occasional Contributor II
Posts: 17
Registered: ‎04-18-2014

DNS tunnelling through Guest portal

Hi,

I've just installed a new Aruba system and have found I can DNS tunnel out of the captive portal and get web access without authenticating. Is there a way to block this?

Thanks.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: DNS tunnelling through Guest portal

Edit your guest-logon (or pre-captive role) to block any DNS traffic, except to the allowed servers.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor II
Posts: 17
Registered: ‎04-18-2014

Re: DNS tunnelling through Guest portal

I'm tunnelling it via the allowed server to the external proxy, so sadly I don't think that will help.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: DNS tunnelling through Guest portal

?! To the allowed server? Please explain, why have your guests got access to your allowed server before captive? Block it.

Occasional Contributor II
Posts: 17
Registered: ‎04-18-2014

Re: DNS tunnelling through Guest portal

Yes, but I assumed the clients will require DNS so it can redirect to the captive portal via its registered name?

Allowed server = internal DNS server, that was a bit unclear.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: DNS tunnelling through Guest portal

Try to use an IP address (not name) for the captive.

Occasional Contributor II
Posts: 17
Registered: ‎04-18-2014

Re: DNS tunnelling through Guest portal

That will break the SSL cert though. We don't want an untrusted site warning coming up for every guest.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: DNS tunnelling through Guest portal

It's a username/password captive portal? Or e-mail guest login? (In order not to see the cert error, you can choose to use an IP address and normal HTTP under the L3 captive portal profile.)

Occasional Contributor II
Posts: 17
Registered: ‎04-18-2014

Re: DNS tunnelling through Guest portal

It's the sponsored guest registration page.

I'm only just learning the Aruba layout, coming from a Cisco WLC background, so my terminology might be a bit off.

https://servername/guest/guest_registration

It also allows you to sign in if you already have an account, so not happy with turning encryption off really.

Thanks again.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: DNS tunnelling through Guest portal

Are you using the built-in captive portal on the controller? Or are you using the ClearPass Guest login page?

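
An added example, not part of any post in this thread and not Aruba or ClearPass code: because the tunnel discussed above passes through the allowed internal DNS server, that server's query log is one place to spot unauthenticated guests doing it. The log tuple format, IP addresses, domain names and thresholds below are all constructed assumptions.

```python
from collections import defaultdict

def base_domain(qname):
    # Assumption: the last two labels approximate the registered domain;
    # production code should consult a public-suffix list instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def flag_tunnel_clients(log, min_unique=20, min_avg_len=30):
    """Return {client_ip: [base domains]} whose lookups look like a tunnel.

    Signal used: many distinct, long subdomain strings under a single base
    domain from one client. Thresholds are illustrative assumptions.
    """
    seen = defaultdict(set)  # (client, base domain) -> distinct subdomain prefixes
    for client, qname, _qtype in log:
        name = qname.rstrip(".").lower()
        base = base_domain(name)
        prefix = name[: len(name) - len(base)].rstrip(".")
        if prefix:
            seen[(client, base)].add(prefix)
    flagged = defaultdict(list)
    for (client, base), prefixes in seen.items():
        avg_len = sum(map(len, prefixes)) / len(prefixes)
        if len(prefixes) >= min_unique and avg_len >= min_avg_len:
            flagged[client].append(base)
    return dict(flagged)

def constructed_log():
    # Constructed sample data; addresses and names are placeholders.
    log = [
        ("10.20.0.15", "portal.example.org", "A"),
        ("10.20.0.15", "www.example.com", "A"),
        ("10.20.0.15", "connectivitycheck.example.com", "A"),
    ]
    # Constructed tunnel-like pattern: 40 unique 40-character labels, one domain.
    for i in range(40):
        log.append(("10.20.0.77", f"{i:08x}" * 5 + ".t.example.net", "TXT"))
    return log

if __name__ == "__main__":
    for client, domains in flag_tunnel_clients(constructed_log()).items():
        print(f"pre-auth client {client}: tunnel-like DNS to {domains}")
```

Feeding it only queries from clients still in the pre-authentication role keeps ordinary post-login browsing out of the counts.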