Thursday, January 21, 2010

A number of captive portal implementations, including products from Cisco and Nomadix, use as a virtual IP address, HTTP requests to which are redirected to the access control server's logout page. A quick google search turns up numerous network service providers, mostly wireless ISPs, that use to access their logout pages.

This trick has worked because the IP address resided in an IP block that was reserved by the IANA, so there could be no server that actually used that IP address.

However, this month the IANA assigned the IP block to the Asia-Pacific NIC. As its name implies, APNIC is responsible for the allocation of IP addresses in Asia and the Pacific, meaning that there may come a day when a company in China, Australia, or elsewhere is allocated a subnet containing the IP address.

In short, the IP address no longer resides in reserved IP space. Network access servers should stop using it.

No comments: