Re: [NSE] eap-info

[Riccardo Cecolin <nmap () rikiji de>]

Awesome, thanks.

Riccardo

On Thu, Mar 8, 2012 at 7:04 PM, Patrik Karlsson <patrik () cqure net> wrote:
> On Thu, Mar 8, 2012 at 12:09 PM, Riccardo Cecolin <nmap () rikiji de> wrote:
> > Hi,
> >
> > Are you using hostapd 0.7.3? I just made some tests, i found that when
> > using the wired driver with ieee802.1x authentication it behaves
> > differently than 0.6.10 (previous stable), maybe we could file a bug
> > because it's impossible to authenticate, even with wpa supplicant. I
> > found confirmation here:
> > http://lists.shmoo.com/pipermail/hostap/2010-May/021425.html
> >
> > Basically the only proper way to test it with hostapd 0.7.3 would be
> > using a wireless AP or commenting the "return" in src/ap/ieee802_1x.c,
> > since it is looking for wlan association before accepting the packet:
> >
> >        if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
> >                wpa_printf(MSG_DEBUG, "IEEE 802.1X data frame from not "
> >                           "associated STA");
> >                //return;
> >        }
> >
> > You can check that even running "wpa_supplicant -Dwired -ieth0 -c
> > /usr/share/doc/wpasupplicant/examples/ieee8021x.conf -dd" the
> > autenticator will never reply a second time to the supplicant. I think
> > this will just make it a little bit more uncomfortable to debug and
> > won't hurt the script, since this authenticator configuration is not
> > even usable with proper clients.
> >
> > Riccardo
>
> Ok, thanks, it worked with that patch.
> I looked through the script and library and browsed the RFC and some pcaps
> and it all looked good.
> I've committed it as r28232.
>
> Great work!
> //Patrik
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/