Tutorial Intrusos 1.0 (Intruders 1.0) - Basic Manual

Post by ghost » Fri May 01, 2009 7:02 pm

Tutorial of Add-On INTRUSOS (INTRUDERS) – Basic Manual

Introduction

On many occasions we need to control unauthorized or "unintended" access by strangers.
Possible solutions include security tools such as WEP or WPA keys on the APs, lists of IPs, MACs or MAC + IP pairs in BrazilFW's simplified firewall, or some form of authentication such as EasyCaptive.
There are circumstances in which, for various reasons, we do not use the above types of controls or they are not effective.

It is possible to create a captive portal that captures those unauthorized users, which lets us offer the intruder full details on the terms of use, the contact manager, prices, and other information of interest to the Network Administrator.

This add-on creates a portal and automatically configures a subnet and a DHCP service for those who are not registered with DHCP reservations (intruders). They are given IPs in a different range from that of our users, so they are caught by the captive portal, which generates a record containing the date, time, IP and MAC of the intruder.

It is compatible with all versions.
For those who followed the manual “Portal para intrusos” and set it manually, I recommend that you delete the old config before installing this add-on.

Note: "It is not an effective solution, but it is very useful"

It is important to note that for Intrusos 1.0 to function properly you must meet the following requirements:

1. You must enable the DHCP and DNS servers of BrazilFW.
To do this, go to the option:

- DHCP Configuration -, - Enable DNS Cache BrazilFW?- YES --

- Start IP Address (Required): enter the first IP handed out to our subscribers. In my case I use 192.168.50.4

- End IP Address (Required): enter the last IP of the range offered by our DHCP server. In my case I use 192.168.50.150
These two options give the range of IPs to allocate to our registered or allowed customers.

- Router (Optional): enter the IP of our server. In my case, 192.168.50.1

- Subnetwork (Optional): our netmask, 255.255.255.0 in my case

2. After complying with the above configuration go to:

- DHCP Configuration

--[ DHCP server leases reservations ]

Add the DHCP reservations for our users. For this we must know the MAC and the IP we want each client to get, and we also add a descriptive name (do not use special characters; use short names such as John, Charles, Mary, Kate).

3. There is something important to consider for customers who sit behind a radio in client bridge mode or in infrastructure-to-bridge mode: the MAC that the DHCP server sees is that of the user's computer, but the firewall sees the MAC of the radio. Therefore, if we put the MAC of the bridge-mode radio in the DHCP reservations, the user will fall in as an intruder, since the MAC of their PC is not in the DHCP reservations.


4. If the simple firewall has the option to tie IP + MAC activated, add the intruder network range to the whitelist, for example 192.168.200.0/24. This does not mean that intruders are allowed to browse. But if you do not add it, they have no navigation capability at all, so the portal notice will not load: they simply cannot browse and the warning is not displayed either.


With this we are ready to install our add-on Intrusos 1.0.


NOTE: if in doubt, keep in mind that the INTRUSOS add-on is installed like any ordinary add-on, as described in the add-on installation manual linked below, and this applies to both cases described above: viewtopic.php?f=38&t=62466&start=0&st=0&sk=t&sd=a

Setup for Using Native alone or with Argento QoS

Once the add-on is installed, we will find the INTRUSOS 1.0 tab.

The first thing to do is edit the variables to suit our needs. This step must not be skipped before proceeding to setup or any other option.

Adjust all the variables to our liking, indicating the range we want the false DHCP to hand out, and take great care that all values are consistent with each other when specifying the IPs.

Here we can turn the add-on on or off whenever we want by setting the variable to "YES" or "NO".

Code:
ACTIVO="YES"



Indicate the range of the new subnet to use for users who are not registered by us as customers (intruders).

Code:
SUNETFALSE="192.168.0.0/24"



Indicate a false gateway for unregistered users.

Code:
GATEWAYFALSE="192.168.0.254"



Write the range of dynamic IPs to be handed to anyone who is not a registered user on our network, specifying the start and the end of the range. In this example we give out IPs from number 20 to number 100.

Code:
RANGDHCP="192.168.0.20,192.168.0.100"



Write the DNS servers. It is recommended to use the DNS of our ISP, to avoid revealing our real internal DNS server.


Code:
DNS_ISP="200.44.32.12,200.11.248.12"



Note: it is vital that we enter the IP address of a real DNS server so that our page can be shown to the intruders; otherwise they will see nothing more than a blank page in their browsers.


Here is the port to which the user is redirected to show the intruder portal.

Code:
PORTFALSE="716"
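
The tutorial asks that all of these values be consistent with each other. The following check is an added example, not part of the add-on; the function names `ip2int`, `in_net` and `check_intrusos` are made up for illustration, and only the variable names and sample values come from the page.

```sh
#!/bin/sh
# Added example: check that the Intrusos variables agree with each other.

# Dotted-quad IPv4 -> integer; fails on malformed input.
ip2int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# True when the address is a usable host inside the subnet (not network/broadcast).
in_net() { [ "$1" -gt "$net" ] && [ "$1" -lt "$last" ]; }

# Prints one line per problem; returns 0 only if everything is consistent.
# Reads SUNETFALSE, GATEWAYFALSE, RANGDHCP and PORTFALSE as named on the page.
check_intrusos() {
    rc=0
    net=$(ip2int "${SUNETFALSE%/*}") || { echo "bad SUNETFALSE address"; return 1; }
    bits=${SUNETFALSE#*/}
    case "$bits" in ""|0*|*[!0-9]*|???*) echo "bad SUNETFALSE prefix"; return 1 ;; esac
    [ "$bits" -ge 8 ] && [ "$bits" -le 30 ] || { echo "bad SUNETFALSE prefix"; return 1; }
    size=$(( 1 << (32 - bits) ))
    net=$(( net / size * size ))        # network address
    last=$(( net + size - 1 ))          # broadcast address
    gw=$(ip2int "$GATEWAYFALSE") || { echo "bad GATEWAYFALSE"; return 1; }
    lo=$(ip2int "${RANGDHCP%,*}") || { echo "bad RANGDHCP start"; return 1; }
    hi=$(ip2int "${RANGDHCP#*,}") || { echo "bad RANGDHCP end"; return 1; }
    in_net "$gw" || { echo "GATEWAYFALSE is outside SUNETFALSE"; rc=1; }
    in_net "$lo" && in_net "$hi" || { echo "RANGDHCP is outside SUNETFALSE"; rc=1; }
    [ "$lo" -le "$hi" ] || { echo "RANGDHCP start is after its end"; rc=1; }
    if [ "$gw" -ge "$lo" ] && [ "$gw" -le "$hi" ]; then
        echo "GATEWAYFALSE is inside RANGDHCP"; rc=1
    fi
    case "$PORTFALSE" in
        ""|*[!0-9]*) echo "PORTFALSE is not a number"; rc=1 ;;
        *) [ "$PORTFALSE" -ge 1 ] && [ "$PORTFALSE" -le 65535 ] ||
               { echo "PORTFALSE is out of range"; rc=1; } ;;
    esac
    return $rc
}

# Sample values shown on the page.
SUNETFALSE="192.168.0.0/24"; GATEWAYFALSE="192.168.0.254"
RANGDHCP="192.168.0.20,192.168.0.100"; PORTFALSE="716"
check_intrusos && echo "variables are consistent"
```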




Once the variables are edited, we can click Create Portal and Create False DHCP Subnet.

After this we should see the two indicators showing that they are installed, and the option to delete (to be used if you want to modify the variables again).
Below are also the options to edit both the start web page and the secondary page, in which we can edit the following lines.
For the notice (page one, which redirects to a CGI that is page two), the lines are:

Code:
<html>
<head>
<meta http-equiv="Expires" content="Thu, 01 Jan 1970 00:00:00 GMT">
<meta http-equiv="Last-Modified" content="Thu, 01 Jan 1970 00:00:00 GMT">
<meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Content-Language" content="es">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META HTTP-EQUIV="REFRESH" CONTENT = "4; URL=http://192.168.200.254:716/cgi-bin/reg.cgi">

<title>Aviso</title>
<style type='text/css'>
<!--
.style1 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
}
.style2 {font-size: large;}
.style3 {color: #FF0000}
.style4 {
   font-size: large;
   color: #FF0000;
}
.style5 {
   font-size: x-large;
}
body {
   background-color: #FFFFFF;
}
-->
</style>
</head>
<body>



And for page two (the CGI that logs the intruder's IP and MAC), the lines are:

Code:
#!/bin/sh
. /var/http/web-functions
. /etc/coyote/coyote.conf
. /tmp/netsubsys.state
. /intrusos/variables.conf

# Anchor the match to the whole IP column so 192.168.0.2 does not also match 192.168.0.20.
mac=$(grep "^$REMOTE_ADDR " /proc/net/arp | tr -s ' ' | cut -d ' ' -f 4)
echo "$(date) $REMOTE_ADDR $mac " >> /intrusos/intruso.log

cat << CLEOF

<html>
<head>

<meta http-equiv="Expires" content="Thu, 01 Jan 1970 00:00:00 GMT">

<meta http-equiv="Last-Modified" content="Thu, 01 Jan 1970 00:00:00 GMT">

<meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate">

<meta http-equiv="Pragma" content="no-cache">

<meta http-equiv="Content-Language" content="es">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">


<title>Aviso</title>
<style type='text/css'>
<!--
.style1 {
font-family: Arial, Helvetica, sans-serif;
font-weight: bold;
}
.style2 {font-size: large;}
.style3 {color: #FF0000}
.style4 {
   font-size: large;
   color: #FF0000;
}
.style5 {
   font-size: x-large;
}
body {
   background-color: #FF7F00;
}
-->
</style>
</head>
<body>
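
The CGI above appends one line per portal hit to /intrusos/intruso.log. The following summary of that log per MAC address is an added example, not part of the add-on; the function name `summarize_intruders` and the sample lines are constructed, and the fields are read from the end of each line so the exact `date` layout does not matter.

```sh
#!/bin/sh
# Added example: summarise intruso.log per MAC address.
# Each line is "<date output> <ip> <mac> "; the MAC is missing when the
# ARP lookup in the CGI returned nothing.

# Prints "<mac> hits=<n> ips=<distinct IPs>" sorted by MAC.
# Lines without a MAC are grouped under "no-mac".
summarize_intruders() {
    awk '
    NF == 0 { next }                      # skip blank lines
    {
        if (length($NF) == 17 && $NF ~ /^[0-9A-Fa-f:]+$/) {
            mac = tolower($NF); ip = $(NF - 1)
        } else {
            mac = "no-mac"; ip = $NF      # last field is the IP itself
        }
        hits[mac]++
        if (!((mac, ip) in seen)) { seen[mac, ip] = 1; ips[mac]++ }
    }
    END { for (m in hits) printf "%s hits=%d ips=%d\n", m, hits[m], ips[m] }
    ' "$1" | sort
}

# Constructed sample lines, not real log data.
sample=$(mktemp)
cat > "$sample" << 'EOF'
Fri May  1 19:02:11 UTC 2009 192.168.0.20 00:11:22:33:44:55 
Fri May  1 19:05:40 UTC 2009 192.168.0.20 00:11:22:33:44:55 
Fri May  1 20:15:02 UTC 2009 192.168.0.37 00:11:22:33:44:55 
Fri May  1 20:16:30 UTC 2009 192.168.0.21 
Sat May  2 08:00:09 UTC 2009 192.168.0.22 AA:BB:CC:00:00:01 
EOF
summarize_intruders "$sample"
rm -f "$sample"
```

A MAC with several IPs has renewed its lease or changed address inside the intruder range, and a growing "no-mac" count means the ARP lookup is failing for some clients.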


In case of mistakes in the notices or errors in the variables file, fix them by clicking the delete option and then clicking to install the portal and subnet again.


Installation for those who use Argento Bridge

While this setup is very similar to the previous one, there are a few differences: the IP and MAC control or binding no longer necessarily has to be done on the main QoS or Native box, because it can be applied on the Argento Bridge, and that way we avoid double-checking the IP or MAC + IP association (called IP Location).


When using the Argento series, Intrusos 1.0 must be installed on the QoS box, and on the bridge a simple class id must be created that permits the intruder network range, so that intruders reach the portal on the QoS box. This is because the portal does not open if the intruder has no navigation capability. The QoS box handles the blocking at the portal. The line to add on the bridge (edit qos script) is:


Code:
simple_class_id 49 10 30 50 90 192.168.200.0/24



Take care not to enable transparent Squid for the intruder range.

Add-on author: Angel Ruiz (angelruiz)
Tutorial authors: Juan C. Mariño (jcmr79) and Angel Ruiz (angelruiz)
Add-on translator: (rinrinrenacuajo)
Translated into English as best as possible by ghost

(Soon add some utilities to improve our security)
Last edited by ghost on Tue May 05, 2009 12:56 pm, edited 1 time in total.