Radius requests from unknow hosts

Alan DeKok aland at deployingradius.com
Tue Jan 4 16:00:02 CET 2022


On Jan 4, 2022, at 7:02 AM, Marko Bozinovski via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> First time doing this, so I am not sure if i am doing it correctly.
> I have configured RADIUS server and setup few juniper devices.
> Configuration is ok, my clients can authenticate using radius etc.
> I am worried about one thing. When i configure one EX switch, it keeps sending some strange request, something like this
> 
> (0)   User-Name = "root"
> (0)   User-Password = "\010\n\r\177IN"

  So the shared secret is correct, the NAS is just sending nonsense.

> From my perspective it looks like it is sending requests from that EX with username root. Sometimes it use other usernames. I have read that can be related to brute force attack's.

  Possibly.

  You shouldn't have your NAS admin console accessible from the internet.

  But in the end, this is a local configuration issue.  There isn't much you can do to FreeRADIUS to make the NAS stop sending packets.

  Alan DeKok.




More information about the Freeradius-Users mailing list