Can anyone please provide the steps needed to connect the AR750 as a repeater on an existing wifi that normally starts an agreement screen as part of the process. Like at a hotel or café where they want you to agree to their terms of service.
When I try to connect currently to the business wifi, using my phone as the UI to the router, it disconnects my phone from the router.
TLDR:
You know how when you connect to McDonalds wifi, you go to google.com and it magically changes the page to their wifi connection page? Well hackers can do the same, by rebinding the dns and changing all pages to their ones, either phishing or just listening to all traffic. That is why you want the dns rebinding protection on at all times, and only disable it when you actually need a page to redirect to a portal, like McDonalds wifi for example.
So you get on wifi, try to connect the repeater. If you don’t get any internet, you disable the dns rebinding, connect the repeater again, and go to any page. The page will get redirected, you accept the terms, login or whatever, then disable the dns rebinding again after you have internet.
Yeah ofc, it’s just a matter of how complex the attack becomes. It’s the same as who can break into an embassy. Small time robbers won’t, people that rob banks every day might be able
It just adds a little more security, to slow the attack down.
Problem is, don’t a lot of the agreement pages (and their requisite elements) tend to come from redirects that expect the providers’ DNS (and not general ones, like 8.8.8.8 or OpenDNS’ servers) to handle resolving the address of the login page (which is almost certainly not on the general internet)?
i.e., you get an IP - try to hit foobar.com - cafe’s router sees your MAC isn’t authenticated - throws up a page at makethemloginfirst.localhost - “DNS Rebind Protection” is on, so say Google DNS is trying to resolve that and returns “SERVFAIL”, you can’t get past their verification screen.
Many times I DO see an IP address used instead, which makes more sense, but based on what I see in address fields it could go either way.
@kennethrc Read my post again that is exactly what i wrote. This is the only case when you disable the dns rebind protection. When the portal has let you through, you re-enable it again because the portal only does it one time; until your session is over.