public secret and public radius server. Is it secure?

sophana sophana at zizi.ath.cx
Fri Jun 2 18:01:04 CEST 2006


Alan DeKok wrote:

>>My problem is that there can be hotspots on dynamic ip addresses.
>>The solution I found actually is to have an unique secret shared with 
>>all hotspots.
>>So the secret is known by everybody.
>
>  Or, make the hotspots NOT have dynamic IP's.  There's no reason why
>they should have dynamic IP's.
>
In my project, I don't own the hotspots, and don't know about the 
hotspots' ISPs.
The hotspots communicate with the radius server through the internet.

>>- What can a malicious user do with the secret? Can it alter 
>>accounting and other things? (chillispot uses chap auth-type)
>
>  If someone knows the secret, he can do *anything* to the packets
>without the RADIUS server being able to tell.
>
Ok. I don't know much about the radius protocol details, maybe you could 
help me understand how secure a solution would be where the secret is 
known by everybody.
Chillispot uses CHAP authentication with a different secret per hotspot.
I consider this part as secure.
Now, once a user is authenticated, how does the nas send accounting info?
Does it have to authenticate again, or is its ip address (and its 
(publicly known) secret) sufficient to authenticate?
Do you need at least a session id?

Imagine that the malicious user cannot listen to the radius 
communications. What can it do without authentication?

I need security, because I will use accounting info to perform 
billing...

Thanks for your great help.

>
>>- Is there a way of maintaining a per hotspot secret with dynamic ip 
>>addresses?
>
>  Not really, no.
>
This means I must use a vpn client to connect to the radius server?
I would have liked a simple chillispot installation...

Regards
Sophana KOK
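The question above about how the NAS sends accounting info comes down to one check. An Accounting-Request carries no user credential and no separate re-authentication: the only thing the RADIUS server verifies is the Request Authenticator, an MD5 over the packet and the shared secret (RFC 2866, section 3). The added example below, which is not part of the original message nor of FreeRADIUS or ChilliSpot code, implements that check the way a server performs it on a constructed Accounting-Stop packet. The user name, session id, byte counts and both secrets are made-up sample values. It shows that a packet built under a secret shared by every hotspot verifies for all of them, while a per-hotspot secret lets the server reject accounting that was not produced under that hotspot's own secret.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS Code for Accounting-Request (RFC 2866)


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865, section 5).

    Length covers the two header octets plus the value.
    """
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def accounting_request_authenticator(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """RFC 2866, section 3: MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret).

    Nothing in this digest identifies the NAS or the user beyond the attributes
    themselves; the secret is the sole source of integrity.
    """
    length = 20 + len(attributes)  # 4 header octets + 16 authenticator octets + attributes
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, length)
    return hashlib.md5(header + bytes(16) + attributes + secret).digest()


def build_accounting_request(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """Assemble a complete Accounting-Request datagram as a NAS would send it."""
    authenticator = accounting_request_authenticator(identifier, attributes, secret)
    length = 20 + len(attributes)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, length) + authenticator + attributes


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """The server-side check: recompute the authenticator with the secret configured
    for this client and compare in constant time. A mismatch means the packet was
    altered in transit or was not produced under this secret."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    received = packet[4:20]
    attributes = packet[20:]
    expected = accounting_request_authenticator(identifier, attributes, secret)
    return hmac.compare_digest(received, expected)


def sample_accounting_request(secret: bytes, identifier: int = 7) -> bytes:
    """A constructed Accounting-Stop for a sample user (not a real capture)."""
    attributes = (
        encode_attribute(1, b"alice")                          # User-Name
        + encode_attribute(40, struct.pack("!I", 2))           # Acct-Status-Type = Stop
        + encode_attribute(44, b"0000abcd")                    # Acct-Session-Id (constructed)
        + encode_attribute(43, struct.pack("!I", 1_048_576))   # Acct-Output-Octets
    )
    return build_accounting_request(identifier, attributes, secret)


if __name__ == "__main__":
    shared_secret = b"one-secret-for-all-hotspots"   # constructed: the "known by everybody" case
    hotspot_secret = b"hotspot-42-only"              # constructed: a per-hotspot secret
    pkt = sample_accounting_request(shared_secret)
    print("accepted under the shared secret:   ", verify_accounting_request(pkt, shared_secret))
    print("accepted under a per-hotspot secret:", verify_accounting_request(pkt, hotspot_secret))
    tampered = pkt[:20] + pkt[20:].replace(b"alice", b"bobby")
    print("tampered packet, authenticator kept: ", verify_accounting_request(tampered, shared_secret))
```

The verification shows why the server cannot tell hotspots apart once they all hold the same secret: the digest binds the packet to the secret and nothing else, so any party holding it can produce accounting records the server accepts, which is what matters when accounting drives billing. With a distinct secret per NAS the same check rejects a packet computed under any other hotspot's secret, which is the protection the per-hotspot configuration buys.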