HostAP and Nessus

Jouni Malinen jkmaline at cc.hut.fi
Thu Jun 3 22:07:54 EDT 2004


On Thu, Jun 03, 2004 at 09:21:03AM +0200, Gunter Burchardt wrote:

> This isnt true. 802.1x speaks about a controlled port and a
> uncontrolled port. On uncontrolled port a client can connect without
> authentication. Some vendor use this to display web-pages to login. 
> 
> I think hostapd didn't support an uncontrolled port. This could be a
> feature request to Jouni Malinen to add an "uncontrolled" interface for
> unauthorised stations. 

Uncontrolled port is used for EAPOL frames (which are sent using wlan0ap
interface to hostapd).

Why would you like to use IEEE 802.1X for this kind of use? I would
assume you would first need to allow DHCP (in most cases) to be used to
get an IP address and then perform some kind of scan of the client
device. Only at that point, other data traffic would be allowed. This
sounds like something that could be easily done using iptables/ebtables
and some kind of callback from hostapd.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list