[Home server Radius in "always accept mode with mschap"]

Fajar A. Nugraha list at fajar.net
Fri Mar 30 04:56:47 CEST 2012


On Fri, Mar 30, 2012 at 6:54 AM, Timothy White <timwhite88 at gmail.com> wrote:
> Is it possible on the proxy server, to catch the challenge and
> response when the normal server is running, store them, and then issue
> the same challenge and same chap-success from the "welcome" server
> when another request is made?

You mean similar to a replay attack? Nope.

From http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol
"
CHAP provides protection against playback attack by the peer through
the use of an incrementally changing identifier and of a variable
challenge-value. CHAP requires that both the client and server know
the plaintext of the secret, although it is never sent over the
network. The MS-CHAP variant does not require either peer to know the
plaintext, but has other drawbacks.
"

More complete information should be available in the RFCs, but that
short summary is good enough for me :)

-- 
FAN


More information about the Freeradius-Users mailing list