Re: Web login

From: Marc Herbert <Marc Herbert gmail com>
To: networkmanager-list gnome org
Subject: Re: Web login
Date: Thu, 15 Apr 2010 10:11:46 +0100

> I wasn't against it per-se, but we need to really think about this since
> it certainly does have the potential to make people really mad.  The
> reference was about some DLink routers that DoS-ed the UW Madison NTP
> servers because they'd hard-coded the NTP server address in the firmware
> and didn't  have any rate-limiting when the server couldn't be reached,
> so they'd just retry over and over and over.

http://pages.cs.wisc.edu/~plonka/netgear-sntp/

There is a huge difference between the Netgear SNTP DoS above example
and trying to connect only once to http:/www.veryfamous.com/ in
NetworkManager. The latter approach would:

- go through round robin DNS
- go through some Content Delivery Network.
- be less buggy (wouldn't it?)
- and as a last resort (in case of a bug...), veryfamous.com is able
  to automatically blacklist you for a little while in case of abuse
  (try to download http://www.google.com/ in an infinite for loop and
  see what happens).

Think about the millions of Firefox users that load
http://www.google.com/ as their home page every time they start their
PC. Did Google go mad for this?

I am NOT saying that trying to connect to http://www.veryfamous.com/
is a great solution, far from that really. I am just specifically
saying there is no DoS problem to worry about.


>>> bool requiresWebLogin()
>>> {
>>>     return (    http://www.google.com
>>>              == http://www.yahoo.com/
>>>              == http://www.hotmail.com/ )
>>> }

> You'll need to keep a database of login  portals and associate "magic";

This function does not need a database of login portals at all (more
advanced features like auto-login would)


> I've long wondered what Windows Vista and later do for this, since
> they have some sort of functionality to detect whether you're
> connected to the internet or not.  Maybe we could take a similar
> approach?

There is at least two network attemtps that every Operating System
does very frequently: looking for security updates and trying to sync
NTP (NOT hard-coded to UW Madison!). Dunno if Windows is using the
results of these attempts but maybe NM could.


Anyway any of these solutions would typically fail to make the
difference between lack of connectivity due to a Weblogin versus
perfect connectivity to an locked-down intranet. So this is just about
*public internet connectivity*. The fuzzy and context-dependent
"connectivity" concept is confusing by essence and nothing can be done
about it. For (another) instance when you have perfect and useful
link-local connectivity Windows reports "limited" connectivity. How
explicit.

Follow-Ups:
- Re: Web login
  - From: Mads Kiilerich

References:
- Web login
  - From: Mads Kiilerich
- Re: Web login
  - From: Peteris Krisjanis
- Re: Web login
  - From: Mads Kiilerich
- Re: Web login
  - From: Peteris Krisjanis
- Re: Web login
  - From: Marc Herbert
- RE: Web login
  - From: Mattias Bengtsson
- RE: Web login
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]