Radius requests from unknow hosts
Alan DeKok
aland at deployingradius.com
Tue Jan 4 16:00:02 CET 2022
On Jan 4, 2022, at 7:02 AM, Marko Bozinovski via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> First time doing this, so I am not sure if i am doing it correctly.
> I have configured RADIUS server and setup few juniper devices.
> Configuration is ok, my clients can authenticate using radius etc.
> I am worried about one thing. When i configure one EX switch, it keeps sending some strange request, something like this
>
> (0) User-Name = "root"
> (0) User-Password = "\010\n\r\177IN"
So the shared secret is correct, the NAS is just sending nonsense.
> From my perspective it looks like it is sending requests from that EX with username root. Sometimes it use other usernames. I have read that can be related to brute force attack's.
Possibly.
You shouldn't have your NAS admin console accessible from the internet.
But in the end, this is a local configuration issue. There isn't much you can do to FreeRADIUS to make the NAS stop sending packets.
Alan DeKok.
More information about the Freeradius-Users
mailing list