vertito wrote:
vertito wrote:

I am not sure what you mean by facturation. If a hacker knows the shared secret, he can assume the identity of the NAS and can utilize the RADIUS server in any way the NAS could, including injecting fake accounting packets, fake auth packets, whatever. This could potentially open up the potential for a DoS attack. For these reasons you should always keep this secret, hence shared SECRET ;-) But this is the way RADIUS works according to the RFCs. It isn't just a FreeRADIUS thing.

My question is: What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it

Is it a real security problem? I will be using accounting for facturation purposes...

Chris Carver Network Engineer
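
The reply's point, that the shared secret is the only thing authenticating an accounting packet, shown from the server side as an added example (not part of the original thread, and not FreeRADIUS code): checking the Accounting-Request authenticator as RFC 2866 defines it. The secret, the attribute values and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request (RFC 2866)


def accounting_authenticator(code, identifier, attributes, secret):
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + b"\x00" * 16 + attributes + secret).digest()


def verify_accounting_request(packet, secret):
    """Return True only if the packet's authenticator matches the shared secret."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return False
    received = packet[4:20]
    attributes = packet[20:length]
    expected = accounting_authenticator(code, identifier, attributes, secret)
    # Constant-time comparison of the 16-octet authenticator.
    return hmac.compare_digest(received, expected)


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_accounting_request(identifier, attributes, secret):
    """What a legitimate NAS holding the secret sends (used here to build the sample)."""
    auth = accounting_authenticator(ACCOUNTING_REQUEST, identifier, attributes, secret)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    return header + auth + attributes


# Constructed sample: User-Name (1), Acct-Status-Type (40) = Stop, Acct-Input-Octets (42).
SECRET = b"constructed-example-secret"
ATTRS = attr(1, b"alice") + attr(40, struct.pack("!I", 2)) + attr(42, struct.pack("!I", 1000))
PACKET = build_accounting_request(7, ATTRS, SECRET)
# Same packet with the octet counter changed after the authenticator was computed.
TAMPERED = PACKET[:-4] + struct.pack("!I", 999999)

if __name__ == "__main__":
    print("genuine packet accepted:", verify_accounting_request(PACKET, SECRET))
    print("tampered packet accepted:", verify_accounting_request(TAMPERED, SECRET))
```

Nothing in this check identifies the sender beyond knowledge of the secret, which is why billing based on accounting records depends on keeping it confidential and unique per NAS.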