(RADIATOR) Rouge Radius Requests

Hugh Irvine hugh at open.com.au
Mon Sep 25 17:25:28 CDT 2006 

Hello -

Can you please tell me the name of the registered company that has  
purchased this copy of Radiator?

Please reply to me directly.

I note that I asked this same question in May of this year.

regards

Hugh


On 25 Sep 2006, at 21:57, Dumpolid Exeplish wrote:

> Hi everyone,
>  we currently have 2 Radius servers and a 2 level clent  
> authentication system with an SQL backend. The first Radius system  
> (called the Access Radius) is used to authenticate users at the  
> Radio access level. the Second Radius server is used to  
> authenticate users at the ISP level. Recently, i have been noticing  
> Rouge Radius requests at the ISP Radius authentication. This could  
> be a form of attack. Has anyone noticed this sort of problemp. here  
> is the post from the log files
>
>
> Mon Sep 25 05:26:14 2006: DEBUG: Packet dump:
> *** Received from 10.18.24.80 port 1645 ....
> Code:       Access-Request
> Identifier: 204
> Authentic:  <207><248>z<253><236><254><190> 
> +<230><244><135><200><167><183><0>H
> Attributes:
>  Framed-Protocol = PPP
>  User-Name = "aolnet/aol.dsl.newuser. 
> 10630001000300010001US2241.0000.prod" <== the is the rougue username
>  CHAP-Password =  
> <1>C<189>c<1xxx>y<xxx><219><155><152><xxx><244>1<135>|<220><2xxx>
>  NAS-Port-Type = Virtual
>  NAS-Port = 42
>  Calling-Station-Id = xxxxx at los.isp.com <== this is a valid username
>  Called-Station-Id = " isp.com"
>  Service-Type = Framed-User
>  NAS-IP-Address = 10.18.24.80



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list