Reply-message and supplicant

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Sun Jun 7 14:34:25 CEST 2009


Hi,
>>>> on the client can then extract? this could tunnel traffic through
>>>> an 802.1X restricted network? in fact, is the inner EAP traffic limited
>>>> at all?  once the authentication outer layer is started i should be
>>>> able to just keep throwing data back/forward through that tube?
>>>>
>>>>         
>> Wait are you talking about something really quite evil here? Like using
>> EAP as a VPN tunnel ?!?!
>>     
>
> yes. if the supplicant is code I have written and the server is running
> a nice bit of PHP or PERL code that i have written then.....hmmm.... PoC 
>   
You just have to make it appear to the NAS that you're doing EAP. You
don't actually have to *do* EAP.

There's no reason why you couldn't tunnel IPv4 so long as the packets
had a valid EAP header prepended to them. Send your EAP start, send the
identity response... then you can pretty much do whatever you like, so
long as it has a valid EAP header and the end server is in on the trick.

Had you got any special plans for this other than annoying
administrators by filling up their logs with very large EAP messages ?

Arran

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090607/b6c9bc66/attachment.pgp>


More information about the Freeradius-Users mailing list