Hello, First time doing this, so I am not sure if i am doing it correctly. I have configured RADIUS server and setup few juniper devices. Configuration is ok, my clients can authenticate using radius etc. I am worried about one thing. When i configure one EX switch, it keeps sending some strange request, something like this (0) User-Name = "root" (0) User-Password = "\010\n\r\177IN" (0) NAS-Identifier = "EX1" (0) Calling-Station-Id = "165.22.195.82" (0) NAS-IPv6-Address = 2600:894c0:c0:30::6 Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { NAS-IPv6-Address is the address of that EX, and NAS-Identifier is ok, but username root is strange, and calling-station-id.
From my perspective it looks like it is sending requests from that EX with username root. Sometimes it use other usernames. I have read that can be related to brute force attack's.
Thank you and sorry for noob and confusing question. Marko
On Jan 4, 2022, at 7:02 AM, Marko Bozinovski via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
First time doing this, so I am not sure if i am doing it correctly. I have configured RADIUS server and setup few juniper devices. Configuration is ok, my clients can authenticate using radius etc. I am worried about one thing. When i configure one EX switch, it keeps sending some strange request, something like this
(0) User-Name = "root" (0) User-Password = "\010\n\r\177IN"
So the shared secret is correct, the NAS is just sending nonsense.
From my perspective it looks like it is sending requests from that EX with username root. Sometimes it use other usernames. I have read that can be related to brute force attack's.
Possibly. You shouldn't have your NAS admin console accessible from the internet. But in the end, this is a local configuration issue. There isn't much you can do to FreeRADIUS to make the NAS stop sending packets. Alan DeKok.
participants (2)
-
Alan DeKok -
Marko Bozinovski