(RADIATOR) Rouge Radius Requests

Dumpolid Exeplish dumpexec at gmail.com
Mon Sep 25 06:57:13 CDT 2006

Hi everyone,
 we currently have 2 Radius servers and a 2 level clent authentication
system with an SQL backend. The first Radius system (called the Access
Radius) is used to authenticate users at the Radio access level. the Second
Radius server is used to authenticate users at the ISP level. Recently, i
have been noticing Rouge Radius requests at the ISP Radius authentication.
This could be a form of attack. Has anyone noticed this sort of problemp.
here is the post from the log files

Mon Sep 25 05:26:14 2006: DEBUG: Packet dump:
*** Received from port 1645 ....
Code:       Access-Request
Identifier: 204
 Framed-Protocol = PPP
 User-Name = "aolnet/aol.dsl.newuser.10630001000300010001US2241.0000.prod"
<== the is the rougue username
 CHAP-Password =
 NAS-Port-Type = Virtual
 NAS-Port = 42
 Calling-Station-Id = xxxxx at los.isp.com
<xxxxx at los.isp.com><xxxxx at los.isp.com><== this is a valid username
 Called-Station-Id = "isp.com"
 Service-Type = Framed-User
 NAS-IP-Address =
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060925/6287a596/attachment.html>

More information about the radiator mailing list