Shostack + Friends Blog Archive

 

There’s got to be an IT secret handshake


I’ve been in the hotel I am in for over a week now. It is a European hotel that has wireless, and you have to get an access card and type a six-character string into an access web page. That authenticates you, and you can go.

The problem I have today is that I can browse the net completely. But I can’t do anything else. No email, no vpn, no ping, no traceroute, no nothing. If I telnet to a useful port on my own servers, I get a syn/ack/syn and no flow.

My hypothesis is that whatever does a redirect on port 80 to get you to the authentication web page is broken.

I’ve talked to first-line tech support at the provider, who let it slip that he thinks it’s in the firewall at the hotel. This is consistent with my evidence. However, he won’t let me talk to anyone who actually knows what “ping” is. I have talked to someone at my front desk, who has talked to the local IT person, and we’ve had mediated back-and-forths.

If I could actually talk to someone who knows what a web redirect is or even what a “port” is, I could let them know. If I knew the URL of the authentication page, I could tell them the problem. The local IT guy is presently talking to the ISP, but I told the gal at the desk that I’m an IT person, too, and if their IT guy will call me, then I will help explain the problem.

As a matter of fact, while writing this, I just connected to an https url, which redirected me to the authentication page, and now everything is working. This is how you’re reading this today. So I know what their problem is and can tell them how to fix it. They just have to know that I know, and that I’m not a mere luser.

We need an IT secret handshake. Perhaps Randall Munroe can help. Remember those old stories about the Freemasons in some pickle or another who suddenly showed the handshake? We need one.

Update: The gal at the front desk has called back. The ISP and the local IT people have decided this is actually my problem. However, she also says that another guest has this problem. I explained this as much as I could to her, and told her to tell the other guest to go to an SSL web page to fix it.

Photo courtesy of photos.tjweb and selected because it matched a search for “authentication web page”

7 comments on "There’s got to be an IT secret handshake"

  • Adam says:

    “Trust me, I’m a CISSP!” 🙂

  • Chris says:

    C|N>K

  • Matt says:

    Adam: That goes right along with “We’re from the government, and we’re here to help.” 😉

  • Roland Dobbins says:

    Security reasons aside, if you did the modern thing and set up a VPN concentrator (and configured it to allow you to connect on TCP/22/80/447), you wouldn’t have these problems.
    But you should be doing this for security reasons, anyways!

  • Scott says:

    @Roland: that works assuming the local wifi isn’t proxying tcp/80 (in which case you’d want something like corkscrew, I suppose). I haven’t seen many that do this – yet (but it’s certainly not because the software is expensive or difficult to obtain).

  • Mordaxus says:

    RE Roland —
    I couldn’t get to my VPN, either. I learned a lot about their access firewall, because it apparently lets the syn/ack/syn through so that once you authenticate your stalling connection will proceed.
    Many discussions I had with tech support focused on VPNs. I suspect their setup is frequently vpn-surly.

  • LonerVamp says:

    A secret handshake will work…
    …until some smart ass at the Geek Squad figures it out, and tells every other “agent” about it…thus ruining the whole point…
