Attribute and Message Editing

Tahseen Hussain stud3080 at itu.dk
Thu Jun 30 23:35:44 CEST 2005


Hi Everybody,

Is it possible to avoid attribute editing and message editing by using
EAP-TTLS or EAP-PEAP in a proxy environment?

As far as I understand, in EAP-TTLS a tunnel is formed between a user and
the TTLS server; this TTLS server will then forward the request to the
proxy, and the proxy to the home RADIUS server. So the threat here is from
the proxy, which can falsely edit attributes and messages.

For example, if the home RADIUS server sends an Accept-accept packet, it is
possible that a proxy can change the same packet to Access-Reject
(wantedly), so that the user will not be able to access the visited network.


Thanks in advance,

Tahseen
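
Added example, not part of the original post: a sketch of the RFC 2865 Response Authenticator check, showing that it is computed with the shared secret of a single hop, so the NAS can only verify what the adjacent proxy sent and not what the home server decided. The secrets, authenticator values, attribute and the `relay_to_nas` helper are constructed for illustration, and the identifier is kept the same on both hops for brevity.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def build_response(code, ident, request_auth, attrs, secret):
    """RFC 2865: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_response(packet, request_auth, secret):
    """Verify a response against the request authenticator and secret of ONE hop."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def relay_to_nas(home_pkt, home_req_auth, home_secret, nas_req_auth, nas_secret, code=None):
    """Proxy step: verify the home server's reply, then re-sign it for the NAS hop.
    `code` models a proxy that does not relay the home server's decision faithfully."""
    if not verify_response(home_pkt, home_req_auth, home_secret):
        raise ValueError("reply from home server failed verification")
    out_code = home_pkt[0] if code is None else code
    return build_response(out_code, home_pkt[1], nas_req_auth, home_pkt[20:], nas_secret)

# Constructed sample values (hypothetical secrets and request authenticators)
NAS_SECRET, HOME_SECRET = b"nas-proxy-secret", b"proxy-home-secret"
NAS_REQ_AUTH, HOME_REQ_AUTH = bytes(range(16)), bytes(range(16, 32))
REPLY_MESSAGE = bytes([18, 7]) + b"hello"  # Reply-Message: type 18, length 7

def demo():
    home = build_response(ACCESS_ACCEPT, 1, HOME_REQ_AUTH, REPLY_MESSAGE, HOME_SECRET)
    hops = (HOME_REQ_AUTH, HOME_SECRET, NAS_REQ_AUTH, NAS_SECRET)
    faithful = relay_to_nas(home, *hops)
    altered = relay_to_nas(home, *hops, code=ACCESS_REJECT)
    return {
        # The home server's own authenticator is meaningless on the NAS hop.
        "home_reply_valid_at_nas": verify_response(home, NAS_REQ_AUTH, NAS_SECRET),
        "faithful_valid_at_nas": verify_response(faithful, NAS_REQ_AUTH, NAS_SECRET),
        "altered_valid_at_nas": verify_response(altered, NAS_REQ_AUTH, NAS_SECRET),
        "altered_code": altered[0],
    }

if __name__ == "__main__":
    print(demo())
```

The NAS-side check passes for any packet the proxy signs with the NAS hop's secret, which is why this authenticator gives hop-by-hop rather than end-to-end integrity.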
