From Scott.Lemon at HumanXtensions.com Mon Oct 13 22:47:49 2008 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Mon, 13 Oct 2008 23:47:49 -0600 Subject: [NoCat] Is there anybody out there? Message-ID: I'm curious ... is there anyone still out there using/working on Nocat? I've been running the system for years, and have recently been fixing a few bugs and making some changes. Was curious if anyone was still working with it ... interested in the fixes or changes ... Scott C. Lemon From ehk20 at cam.ac.uk Tue Oct 14 03:38:36 2008 From: ehk20 at cam.ac.uk (Espen Koht) Date: Tue, 14 Oct 2008 11:38:36 +0100 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: <9AEE475F-E138-495D-9C23-57CE2DB8AEA6@cam.ac.uk> On 14 Oct 2008, at 06:47, Scott C. Lemon wrote: > I'm curious ... is there anyone still out there using/working on > Nocat? > > I've been running the system for years, and have recently been > fixing a few > bugs and making some changes. Was curious if anyone was still > working with > it ... interested in the fixes or changes ... We still use it here at Cambridge, both in relatively vanilla form at some sub-institutions, but also for the campus-wide "lapwing" service which has seen rather more changes and improvements (particularly on the logging and admin side). Espen Koht IT Manager St Edmund's College From steve.platt at mrc-bsu.cam.ac.uk Tue Oct 14 08:04:01 2008 From: steve.platt at mrc-bsu.cam.ac.uk (Steve Platt) Date: Tue, 14 Oct 2008 16:04:01 +0100 Subject: [NoCat] Is there anybody out there? In-Reply-To: Message from "Scott C. Lemon" of "Mon, 13 Oct 2008 23:47:49 MDT." Message-ID: >is there anyone still out there using/working on Nocat? Further to Espen's remarks, we too are still using it as described below. We use it (in "bridge mode") to authenticate users of our wireless network. We had some trouble at first understanding the various timeout options and had to disable one of them (IdleTimeout) to stop active users being chucked off (hmmm, maybe ARP just ain't what it used to be?). We still have the problem that users sometimes find they don't have to authenticate any more after a while. Of course they never complain about this! Of course, if we hadn't disabled the IdleTimeout option then we might never see this second problem. Other than that it does the job we want so we're happy to be using NoCat ... thanks to everyone who has supported its development so far! Recently, however, a minor query has arisen. We now find we need to allow "incoming" HTTP connections to one of our wireless hosts (on TCP port 80). As this host doesn't need to authenticate to NoCat we have already added an "exception" for this host and this allows most traffic (eg incoming SSH) to work as if the NoCat bridge were not there, which is what we want for this host. It seems incoming HTTP connections to this host are being "captured" (since they are to port 80) despite the "exception". I guess NoCat in bridge mode cannot distinguish between "inside" and "outside"? Any suggestions for overcoming this would be welcome. For now we've connected the host concerned to the other "side" of the bridge but this is slightly inconvenient and I'd rather avoid it if possible. Thanks, Steve Platt From underspell at gmail.com Tue Oct 14 02:32:51 2008 From: underspell at gmail.com (Jose Borges Ferreira) Date: Tue, 14 Oct 2008 10:32:51 +0100 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: <5c110f410810140232o1bca41d1uc4c197d473e5ed1b@mail.gmail.com> I'm exactly in the same situation. Jos? Borges Ferreira On Tue, Oct 14, 2008 at 6:47 AM, Scott C. Lemon < Scott.Lemon at humanxtensions.com> wrote: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > From hieudt84 at gmail.com Tue Oct 14 06:21:27 2008 From: hieudt84 at gmail.com (Hieu DangTrung) Date: Tue, 14 Oct 2008 15:21:27 +0200 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: Hi, I developped it in one of my project 2 years ago. I have added the function accounting, message in 2 way, user and gateway management, ... In bref, my system is nearly an AAA system. On Tue, Oct 14, 2008 at 7:47 AM, Scott C. Lemon < Scott.Lemon at humanxtensions.com> wrote: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > From schuyler at nocat.net Tue Oct 14 11:02:23 2008 From: schuyler at nocat.net (Schuyler Erle) Date: Tue, 14 Oct 2008 11:02:23 -0700 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: <20081014180223.GS7731@vishnu.tridity.org> I just want to say for the record that I've been trying to find a maintainer for this project for years, because I'm no longer seriously involved in community wireless myself but I know that enough others still are. Several individuals have volunteered to take over maintenance and then failed to follow up. If anyone on this list is serious about it (I'm looking at you, Scott ;) then please contact me. Thanks! SDE * On 13-Oct-2008 at 10:55PM PDT, Scott C. Lemon said: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat From bsteinberg at minlib.net Tue Oct 14 13:21:15 2008 From: bsteinberg at minlib.net (Ben Steinberg) Date: Tue, 14 Oct 2008 16:21:15 -0400 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: <20081014202115.GD4683@nevis> We're still using it for patrons at a public library. We've made no changes to the system except for the configuration change to cope with ARP spoofing attacks described in http://lists.nocat.net/pipermail/nocat/2007-September/006071.html Ben On Mon, Oct 13, 2008 at 11:47:49PM -0600, Scott C. Lemon wrote: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat -- Ben Steinberg Public Library of Brookline From twistedpickles at gmail.com Tue Oct 14 11:44:35 2008 From: twistedpickles at gmail.com (twistedpickles) Date: Tue, 14 Oct 2008 13:44:35 -0500 Subject: [NoCat] Is there anybody out there? In-Reply-To: <20081014180223.GS7731@vishnu.tridity.org> References: <20081014180223.GS7731@vishnu.tridity.org> Message-ID: I still use it at nearly 9 Hotel properties. I have made more changes to the admin side such as accounting, enabling and disabling users by date, forcing redirect to alternate page after login per user or group. I'm willing to share my code. I think I'm finally going to give up on Nocat and switch to Valuepoint, Nomadix, or IP3. One of the things that I am trying to figure out is how to allow users on or through regardless of their ip address settings. I am looking for something almost transparent. I know that valuepoint and nomadix have a feature that allows users through regardless of their ip settings. All that is required is a proper ip stack on the client side. ::twistedPickles:: : From whiteca at gmail.com Tue Oct 14 10:43:02 2008 From: whiteca at gmail.com (Colin White) Date: Tue, 14 Oct 2008 12:43:02 -0500 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: <8cf933780810141043g32e17bf0x9b323a5eb57f0bd8@mail.gmail.com> We still have half a dozen APs running on a mixture of Soekris and WRAP boards. A few minor 'undocumented features' we put up with, but otherwise we're pretty happy with NoCat. We did consider moving to WiFiDog but the cost benefit didn't stack up. We'd love to see this project complete the migration fromNoCatAuth to fully authenticated NoCatSplash. Keep up the great work (if you have the time!). Regards Colin On Tue, Oct 14, 2008 at 12:47 AM, Scott C. Lemon < Scott.Lemon at humanxtensions.com> wrote: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > -- Colin A. White P : +1 605 940 5863 From jclay at globalgossip.net Tue Oct 14 14:30:26 2008 From: jclay at globalgossip.net (James Clay) Date: Tue, 14 Oct 2008 22:30:26 +0100 Subject: [NoCat] Is there anybody out there? In-Reply-To: Message-ID: Hi You could try coova-chilli, which supports 'anyIP' allowing users with preconfigured static IPs to connect properly (also dhcp of course). I believe it has a similar set of features to NoCat as I tested out both a few years ago when I was first looking for a captive portal solution for laptop users. I run coova-chilli in over 250 locations and it works really well. Hope this helps, James. On 14/10/2008 19:44, "twistedpickles" wrote: I still use it at nearly 9 Hotel properties. I have made more changes to the admin side such as accounting, enabling and disabling users by date, forcing redirect to alternate page after login per user or group. I'm willing to share my code. I think I'm finally going to give up on Nocat and switch to Valuepoint, Nomadix, or IP3. One of the things that I am trying to figure out is how to allow users on or through regardless of their ip address settings. I am looking for something almost transparent. I know that valuepoint and nomadix have a feature that allows users through regardless of their ip settings. All that is required is a proper ip stack on the client side. ::twistedPickles:: : _______________________________________________ NoCat mailing list NoCat at lists.nocat.net http://lists.nocat.net/mailman/listinfo/nocat -- james clay global gossip europe 1.4 pattern house 223-227 st john street london EC1V 4LY tel +44 20 7253 5470 fax +44 20 7253 0176 mobile +44 7515 882 853 www.globalgossip.com From bdaldal at gmail.com Tue Oct 14 00:27:50 2008 From: bdaldal at gmail.com (systemx) Date: Tue, 14 Oct 2008 10:27:50 +0300 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: Message-ID: Hi, I'm here and happy not be alone. I'm trying to use NoCat nearly more than one month. Especially it's iptables rules and service works on port 5280 is great. I liked NoCat so much. Easy and flexible. I try change login and logout system for my solution. I have to use SMS system, send password to cell phones And now i think i do lost of good things with NoCat. Already work with it. I 'd like to learn news about this. Regards Bulent DALDAL Turkey. 2008/10/14 Scott C. Lemon : > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing a few > bugs and making some changes. Was curious if anyone was still working with > it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > -- B?lent DALDAL .. linux for life .. From hieudt84 at gmail.com Tue Oct 14 14:48:48 2008 From: hieudt84 at gmail.com (Hieu DangTrung) Date: Tue, 14 Oct 2008 23:48:48 +0200 Subject: [NoCat] Is there anybody out there? In-Reply-To: <8cf933780810141043g32e17bf0x9b323a5eb57f0bd8@mail.gmail.com> References: <8cf933780810141043g32e17bf0x9b323a5eb57f0bd8@mail.gmail.com> Message-ID: I think NoCat is only good to be a reference model There are still many bugs in it, the software itself has only the authentication part (not complete), and lacks of authorization and accounting. To be a AAA system, we have to rewrite some core modules (at least the module for exchanging the message).I'm really interested in it cause it was my first project in the open source domain. On Tue, Oct 14, 2008 at 7:43 PM, Colin White wrote: > We still have half a dozen APs running on a mixture of Soekris and WRAP > boards. > > A few minor 'undocumented features' we put up with, but otherwise we're > pretty happy with NoCat. > > We did consider moving to WiFiDog but the cost benefit didn't stack up. > > We'd love to see this project complete the migration fromNoCatAuth to fully > authenticated NoCatSplash. > Keep up the great work (if you have the time!). > > Regards > > Colin > On Tue, Oct 14, 2008 at 12:47 AM, Scott C. Lemon < > Scott.Lemon at humanxtensions.com> wrote: > > > I'm curious ... is there anyone still out there using/working on Nocat? > > > > I've been running the system for years, and have recently been fixing a > few > > bugs and making some changes. Was curious if anyone was still working > with > > it ... interested in the fixes or changes ... > > > > > > Scott C. Lemon > > > > > > > > _______________________________________________ > > NoCat mailing list > > NoCat at lists.nocat.net > > http://lists.nocat.net/mailman/listinfo/nocat > > > > > > -- > Colin A. White > P : +1 605 940 5863 > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > From Scott.Lemon at HumanXtensions.com Wed Oct 15 23:09:13 2008 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Thu, 16 Oct 2008 00:09:13 -0600 Subject: [NoCat] Is there anybody out there? In-Reply-To: <20081014180223.GS7731@vishnu.tridity.org> References: <20081014180223.GS7731@vishnu.tridity.org> Message-ID: <328555F27A9F49988FDB6E2FC9E1EAEB@MobileDuoCell> Ok ... I'll get in touch next week and see about talking with you about what is where, etc. Overall ... The system is still working, but there are a few bugs to be fixed, and I'd like to see them get repaired. I'm running a full system with LDAP integration ... My next biggest issues is that somehow in the Captive mode people are able to break in and gain access (iptables rules allowing them access) without being logged in. I'm not sure how they are doing this ... I'm running a fork of 0.82 ... Scott C. Lemon -----Original Message----- From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net] On Behalf Of Schuyler Erle Sent: Tuesday, October 14, 2008 12:02 PM To: Scott C. Lemon Cc: nocat at lists.nocat.net Subject: Re: [NoCat] Is there anybody out there? I just want to say for the record that I've been trying to find a maintainer for this project for years, because I'm no longer seriously involved in community wireless myself but I know that enough others still are. Several individuals have volunteered to take over maintenance and then failed to follow up. If anyone on this list is serious about it (I'm looking at you, Scott ;) then please contact me. Thanks! SDE * On 13-Oct-2008 at 10:55PM PDT, Scott C. Lemon said: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing > a few bugs and making some changes. Was curious if anyone was still > working with it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat _______________________________________________ NoCat mailing list NoCat at lists.nocat.net http://lists.nocat.net/mailman/listinfo/nocat From Scott.Lemon at HumanXtensions.com Thu Oct 16 03:07:28 2008 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Thu, 16 Oct 2008 04:07:28 -0600 Subject: [NoCat] Is there anybody out there? In-Reply-To: <20081014180223.GS7731@vishnu.tridity.org> References: <20081014180223.GS7731@vishnu.tridity.org> Message-ID: <2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell> BTW Schuyler, I noticed in some comments that you mention an exception about Windows Update ... And that it is "broken". Do you remember what the issues was that Windows Update was causing, and why you had to write the exception?? # Redirect outbound non-auth web traffic to the local gateway process # except to windowsupdate.microsoft.com, which is broken. # # If MembersOnly is active, then redirect public class as well # if [ "$MembersOnly" ]; then nonauth="3 4" else nonauth="4" fi for port in 80 443; do for mark in $nonauth; do $redirect -m mark --mark $mark -d windowsupdate.microsoft.com -j DROP $redirect -m mark --mark $mark -p tcp --dport $port -j REDIRECT \ --to-port $GatewayPort done done I am trying to track down how I am seeing these computers that have "broken" through the gateway, and am often seeing numerous "attacks" by various update services ... Symantec, MacAfee, etc. ... Where they are hammering the gateway with requests over and over for long periods. What I end up with is a iptables rule that appears as "half" of the access permit pair ... Only the NoCat_Inbound rule is there ... But it allows them to use the Internet somehow. When I run the access deny command, I get an error that the NoCat rule doesn't exist ... Curious ... And I'll still get in contact this next week to see what we can do! Thanks! Scott C. Lemon -----Original Message----- From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net] On Behalf Of Schuyler Erle Sent: Tuesday, October 14, 2008 12:02 PM To: Scott C. Lemon Cc: nocat at lists.nocat.net Subject: Re: [NoCat] Is there anybody out there? I just want to say for the record that I've been trying to find a maintainer for this project for years, because I'm no longer seriously involved in community wireless myself but I know that enough others still are. Several individuals have volunteered to take over maintenance and then failed to follow up. If anyone on this list is serious about it (I'm looking at you, Scott ;) then please contact me. Thanks! SDE * On 13-Oct-2008 at 10:55PM PDT, Scott C. Lemon said: > I'm curious ... is there anyone still out there using/working on Nocat? > > I've been running the system for years, and have recently been fixing > a few bugs and making some changes. Was curious if anyone was still > working with it ... interested in the fixes or changes ... > > > Scott C. Lemon > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat _______________________________________________ NoCat mailing list NoCat at lists.nocat.net http://lists.nocat.net/mailman/listinfo/nocat From schuyler at nocat.net Thu Oct 16 09:24:17 2008 From: schuyler at nocat.net (Schuyler Erle) Date: Thu, 16 Oct 2008 12:24:17 -0400 Subject: [NoCat] Is there anybody out there? In-Reply-To: <2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell> References: <20081014180223.GS7731@vishnu.tridity.org> <2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell> Message-ID: <1224174257.32588.7.camel@goldman> On Thu, 2008-10-16 at 04:07 -0600, Scott C. Lemon wrote: > I noticed in some comments that you mention an exception about Windows > Update ... And that it is "broken". Do you remember what the issues was > that Windows Update was causing, and why you had to write the exception?? > > # Redirect outbound non-auth web traffic to the local gateway process > # except to windowsupdate.microsoft.com, which is broken. > > I am trying to track down how I am seeing these computers that have "broken" > through the gateway, and am often seeing numerous "attacks" by various > update services ... Symantec, MacAfee, etc. ... Where they are hammering the > gateway with requests over and over for long periods. That was it precisely. It makes the gateway fall over. I think that iptables supports some kind of rate limiting that might be useful here. > What I end up with is a iptables rule that appears as "half" of the access > permit pair ... Only the NoCat_Inbound rule is there ... But it allows them > to use the Internet somehow. When I run the access deny command, I get an > error that the NoCat rule doesn't exist ... I confess that I haven't touched this code in so long that I honestly don't recall... :( SDE From erecio at polywog.org Thu Oct 16 13:24:54 2008 From: erecio at polywog.org (E. M. Recio) Date: Thu, 16 Oct 2008 16:24:54 -0400 Subject: [NoCat] Is there anybody out there? In-Reply-To: <1224174257.32588.7.camel@goldman> References: <20081014180223.GS7731@vishnu.tridity.org> <2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell> <1224174257.32588.7.camel@goldman> Message-ID: <48F7A316.7040601@polywog.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've ended up restarting the gateway once a day, and that seemed to do the trick. I'll keep apprised for any "tweaks" :) Schuyler Erle wrote: >> I am trying to track down how I am seeing these computers that have "broken" >> through the gateway, and am often seeing numerous "attacks" by various >> update services ... Symantec, MacAfee, etc. ... Where they are hammering the >> gateway with requests over and over for long periods. > > That was it precisely. It makes the gateway fall over. I think that > iptables supports some kind of rate limiting that might be useful here. - -- Thanks, E. Recio MAC user's dynamic debugging list evaluator? Never heard of that. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkj3oxUACgkQKoXvoXXmAZ38dwCfTFWJHLZALWXBkEsXmv2bsD1w LCkAnA1VzZ5OuT5mqoXxTjU5hBuWYk2N =oXWh -----END PGP SIGNATURE----- From jaybeattie at gmail.com Wed Oct 22 10:59:38 2008 From: jaybeattie at gmail.com (Jay) Date: Wed, 22 Oct 2008 12:59:38 -0500 Subject: [NoCat] Is there anybody out there? In-Reply-To: <48F7A316.7040601@polywog.org> References: <20081014180223.GS7731@vishnu.tridity.org> <2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell> <1224174257.32588.7.camel@goldman> <48F7A316.7040601@polywog.org> Message-ID: We have been using Nocat since 2003 at our public Library. One thing we are seeing is more hand held devices that want to connect to the net but can't bring up a WEB page to authenticate against so they can't use our service. The only reason we use nocat is to get statistics. 4,500 - 5,500 people a month use our service. I would like a captive portal to just "Count" the connections being whatever protocol the user is using and not make them "Accept" our terms. Idea's ? Thanks -Jay From Scott.Lemon at HumanXtensions.com Wed Oct 22 16:47:46 2008 From: Scott.Lemon at HumanXtensions.com (Scott C. Lemon) Date: Wed, 22 Oct 2008 17:47:46 -0600 Subject: [NoCat] Is there anybody out there? In-Reply-To: References: <20081014180223.GS7731@vishnu.tridity.org><2B39F2C65EB247F8B5D456D0814324FF@MobileDuoCell><1224174257.32588.7.camel@goldman> <48F7A316.7040601@polywog.org> Message-ID: <5F6F937397494AEBB199475F9C041559@MobileDuoCell> You could probably do something like that by simply processing the DHCP log files on your server. If you were to count the unique MAC addresses, and maybe the number of times each one appeared on your network ... You could use a short (maybe 1 day or less?) lease time ... And then post process each day into a db that you could report off of ... Scott C. Lemon -----Original Message----- From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net] On Behalf Of Jay Sent: Wednesday, October 22, 2008 12:00 PM To: nocat at lists.nocat.net Subject: Re: [NoCat] Is there anybody out there? We have been using Nocat since 2003 at our public Library. One thing we are seeing is more hand held devices that want to connect to the net but can't bring up a WEB page to authenticate against so they can't use our service. The only reason we use nocat is to get statistics. 4,500 - 5,500 people a month use our service. I would like a captive portal to just "Count" the connections being whatever protocol the user is using and not make them "Accept" our terms. Idea's ? Thanks -Jay _______________________________________________ NoCat mailing list NoCat at lists.nocat.net http://lists.nocat.net/mailman/listinfo/nocat