A quick update... Having a hard rule in the firewall forbidding all unauthorized computers doesn't work. If the user cannot get to a site, they don't get redirected by the captive portal. DOH!
What I ended up doing was to allow only HTTP for unauthorized computers that borrow or steal a password, and I set up Traffic shaper to slow their access to 20kbps down and 10kbps up. Someone that steals a password should be disappointed enough with the slow speed to give up and if they don't, the slow speed will limit the damage they can inflict.
Only those that I authorize will get full bandwidth and full functionality. I got that working pretty slick.
So far I've been trapping a few employees in my "HoneyPot". Company policy forbids their connecting to an AP while they are network connected. Of course they claim ignorance even when presented with the evidence. I don't know whether I should believe them or not. How does one connect to an AP by accident? Why would they even have their wireless card turned on in the office? I have also seen one non-company computer connect to the AP several times but there does not appear to be any attempted access according to the logs. I guess maybe people can connect by accident. Now I need to find a way to track down these wireless critters.