public secret and public radius server. Is it secure?
Christopher Carver
ccarver at pennswoods.net
Fri Jun 2 18:06:05 CEST 2006
vertito wrote:
>
> vertito wrote:
>
>
>> My question is :
>> - What can a malicious user do with the secret? Can it alter
>> accounting and other things? (chillispot uses chap auth-type)
>>
>> one is spell it out and try rumble it so he forms a new word from it
>>
>>
>>
> Is it a real security problem? I will be using accounting for facturation
> purposes...
>
>
I am not sure what you mean by facturation. If a hacker knows the
shared secret, he can assume the identity of the NAS and can utilize the
RADIUS server in any way the NAS could, including injecting fake
accounting packets, fake auth packets, whatever. This could potentially
open up the potential for a DoS attack. For these reasons you should
always keep this secret, hence shared SECRET ;-) But this is the way
RADIUS works according to the RFCs. It isn't just a FreeRADIUS thing.
Chris Carver
Network Engineer