IPv6 – Avoiding the Captive Portal

A while back I was at a college campus library trying to get online while I waited on some friends to do homework. Like most colleges, this one was using a captive portal that required you to login and register your computer to get access to the Internet.

Since I was bored and had little else to do I did what I usually do on a wireless network: lurk and see what’s going on. While running tcpdump to see what was going on on the network, I noticed some icmp6 messages. Now to me many aspects of IPv6 is very interesting, for example anycast addresses. For those unfamiliar to IPv6, and I am writing this for all of you ;), IPV6 has done away with broadcasts. Instead an anycast is used and works more like a multicast in IPv4. I’ll leave the details of IPv6 to you, there are tons of good resources on line. If you need help finding them just ask.

One of these anycast addresses is ff02::1. This address allows for communication with entire local network at once. By pinging this address several OS X machines with names like jims.macbook responded. I also got a response from a router. I’m not trying to call out Apple for turning on IPv6, because I know Microsoft also ships with it turned on by default now, too. They may want to turn the firewall on by default like Windows though. Having IPv6 enabled isn’t really a *bad* thing like I said, I like IPv6 and I run it at home. The real issue is with how many computers have it turned on and how so few know much if anything about it. IPv6 is rarely secured or protected at all. I have found that most systems will have incredibly restrictive firewall rules and no filtering at all for IPv6.

In this case all I needed to do was request an IPv6 address and there DNS server was even able resolve IPv6 addresses for me allowing me to get on the Internet and completely bypass all of their firewall rules and the captive portal.