Architectural design for large-scale campus-wide captive portal

Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system´s TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.