Security Basics mailing list archives
Re: Basic questions about RADIUS authentication
From: Bulgaria Online - Assen Totin <assen () online bg>
Date: Tue, 23 Nov 2004 13:08:12 +0200
Hi all,

V> Q.1- Is it not possible to sniff this communication and launch a dictionary
V> attack?

Provided the attacker pretends to be a valid RADIUS client, yes. However, the RADIUS server normally responds only to clients listed in its configuration. So the attack should also come from a "valid" (from the point of view of the RADIUS server) IP address - or spoof the source IP address _and_ take measures to receive the replies.

V> After the user is authenticated, RADIUS server creates and sends the user
V> and the NAS session keys.
V> Q.2- Is it not possible in this instance to launch a man-in-the-middle
V> attack?

I'm not sure about this. RADIUS can do not only authentication, but solely accounting or authorisation. Thus "After the user is authenticated" is not clear to me. From what I know, after the server processes the query, it assigns a more or less unique Session-Id (which is used further till the end of the session).

V> Q.3- How is the data (userids and passwords) secured in the RADIUS server?
V> Is it not possible to launch an attack at the RADIUS server database?

I guess it depends on the RADIUS server and configuration. As far as I know, a RADIUS server can authenticate requests against several sources, including probably /etc/passwd, an SQL database (Cistron RADIUS and its successors at least), or even through an external application (e.g. XtRadius). So the protection of the passwords is not really a RADIUS issue, but a system administration task (of course, one should take care not to configure RADIUS to show plain text passwords in its log files).

An external attack (meaning an attack coming from a host different from the RADIUS server) would probably be a brute-force one trying to guess a valid pair of username and password. However, if a potential attacker gains access (even non-privileged) to the host where the RADIUS server resides, his opportunities to interfere in the authentication process become much broader.

Well,
Assen Totin
Development Manager
===============================
BULGARIA ONLINE
Your quality... Your price!
===============================
tel. (+359 2) 973-3000 ext. 511
http://home.online.bg
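The reply above makes two points about RADIUS (RFC 2865) that are easy to see in code: the server answers only clients listed in its configuration (an Access-Request from an unlisted source address is silently discarded, so a sniffer on a random host gets no reply to test guesses against), and the client can check the Response Authenticator so a reply not derived from the shared secret is rejected. The following is an added example written for this archive page; it is not code from the original post, from any RADIUS server mentioned in it, or from the thread's authors. It implements the RFC 2865 User-Password hiding, the Response Authenticator, and a minimal server-side handler; the client table, shared secret, addresses and user database are constructed values, and the user store is a plain dict purely for the demonstration (as the post says, protecting the real backend is a system administration task).

```python
import hashlib
import hmac
import os
import struct

# Constructed client table: the server only answers these NAS addresses (RFC 2865 s3).
CLIENTS = {
    "192.0.2.10": b"example-shared-secret",  # constructed, not a real deployment
}

CODE_ACCESS_REQUEST, CODE_ACCESS_ACCEPT, CODE_ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, request_auth):
    """RFC 2865 s5.2: pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    """Inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    # Each attribute is Type (1) | Length (1, includes the 2 header bytes) | Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_access_request(ident, username, password, secret):
    """NAS side: fresh random Request Authenticator, password hidden under the shared secret."""
    request_auth = os.urandom(16)
    attrs = [(ATTR_USER_NAME, username),
             (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))]
    return build_packet(CODE_ACCESS_REQUEST, ident, request_auth, attrs)


def handle_access_request(src_ip, packet, users):
    """Server side. Returns the response packet, or None when the request is silently discarded."""
    secret = CLIENTS.get(src_ip)
    if secret is None or len(packet) < 20:
        return None  # unknown client: no reply at all, as RFC 2865 s3 requires
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != CODE_ACCESS_REQUEST or length != len(packet):
        return None
    request_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:length]))
    username = attrs.get(ATTR_USER_NAME)
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = username in users and hmac.compare_digest(users[username], password)
    # A real server would log only username and outcome here, never the recovered password.
    code = CODE_ACCESS_ACCEPT if ok else CODE_ACCESS_REJECT
    resp_attrs = []
    body = encode_attrs(resp_attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(request, response, secret):
    """NAS side: reject any reply whose Response Authenticator was not built from the secret."""
    if len(response) < 20:
        return False
    _, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    users = {b"alice": b"correct horse"}  # constructed demo user store
    secret = CLIENTS["192.0.2.10"]
    req = build_access_request(7, b"alice", b"correct horse", secret)
    print("listed client ->", handle_access_request("192.0.2.10", req, users)[0])   # 2 (Accept)
    print("unlisted client ->", handle_access_request("198.51.100.9", req, users))  # None
```

The `None` for the unlisted address is the behaviour the post relies on in its answer to Q.1: without a listed source address (or a spoofed one plus a way to see the replies) there is nothing to run guesses against. `verify_response` is the client-side half: a reply that was not computed with the shared secret fails the check, which is what limits the man-in-the-middle question in Q.2 to someone who already holds the secret.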
Current thread:
- Basic questions about RADIUS authentication VI (Nov 22)
- Re: Basic questions about RADIUS authentication Bulgaria Online - Assen Totin (Nov 23)
- <Possible follow-ups>
- RE: Basic questions about RADIUS authentication Ed Whitesell (Nov 24)
- RE: Basic questions about RADIUS authentication Roger A. Grimes (Nov 25)