Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Basic questions about RADIUS authentication

from [Bulgaria Online - Assen Totin] Network Security [Permanent Link]
Subject: Re: Basic questions about RADIUS authentication
Date: Tue, 23 Nov 2004 13:08:12 +0200 
Hi all,

V> Q.1- Is it not possible to sniff this communication and launch a dictionary
V> attack?

Provided the attacker pretends to be a valid RADIUS client, yes.
However, the RADIUS server normally responds only to clients listed in
its configuration. So the attack should also come from a "valid" (from
the point of view of the RADIUS server) IP address - or spoof the
source IP address _and_ take measures to receive the replies.

V> After the user is authenticated, RADIUS server creates and sends the user
V> and the NAS session keys.
V> Q.2- Is it not possible in this instance to launch a man-in-the-middle
V> attack?

I'm not sure about this. RADIUS can do not only authentication, but
solely accounting or authorisation. Thus "After the user is
authenticated" is not clear to me. From what I know, after the server
processes the query, it assigns a more or less unique Session-Id
(which is used further till the end of the session).

V> Q.3- How is the data (userids and passwords) secured in the RADIUS server?
V> Is it not possible to launch an attack at the RADIUD server database?

I guess depends on the RADIUS server and configuration. As far as I
know, RADIUS server can authenticate requests against several sources,
including probably /etc/passwd, SQL database (Cistron RADIUS and its
successors at least), or even through an external application
(e.g. XtRadius). So the protection of the passwords is not really a
RADIUS issue, but a system administration task (of course, one should
take care not to configure RADIUS to show plain text passwords in its
log files). External attack (meaning an attack coming from a host,
different from the RADIUS server) would probably be a brute-force
one trying to guess a valid pair of username and password. However, if
a potential attacker gains access (even non-privileged) to the host
where RADIUS server resides, his opportunities to interfere in the
authentication process become much broader.

WWell,

Assen Totin
Development Manager

===============================
        BULGARIA ONLINE
  Your quality... Your price!
===============================
tel. (+359 2) 973-3000 ext. 511
     http://home.online.bg
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  log monitoring, changing iptables, Tom Boulay
Next by Date:  IIS application variables forge, Bénoni MARTIN
Previous by Thread:  Basic questions about RADIUS authentication, VI
Next by Thread:  RE: Basic questions about RADIUS authentication, Ed Whitesell
Indexes:  [Date] [Thread] [Top] [All Lists]