[RADIATOR] Possible DOS attack against radiator with AuthPAM.pm ?

Mike McCauley mikem at open.com.au
Sun Oct 4 01:28:28 CDT 2009


Hello Markus,


Thanks for the suggestion. Added to the latest patch set.

Cheers.

On Tuesday 29 September 2009 05:45:00 am Markus Moeller wrote:
> Mike,
>
> Can we update the patch. I noticed another case where the Username
> attribute exists, but the value is "" (e.g. empty). So can the lines
>
>  (... REJECT..)
>           unless defined $user_name
>
> to
>
>  (... REJECT..)
>           unless $user_name
>
> Thank you
> Markus
>
> ----- Original Message -----
> From: "Mike McCauley" <mikem at open.com.au>
> To: "Markus Moeller" <huaraz at moeller.plus.com>
> Cc: <radiator at open.com.au>
> Sent: Thursday, June 04, 2009 10:56 AM
> Subject: Re: [RADIATOR] Possible DOS attack against radiator with
> AuthPAM.pm ?
>
> > Hello Markus,
> >
> > thanks for the additional details. We have now fixed this problem. The
> > fix is in the latest Radiator 4.4 patch set.
> > We apologise for any inconvenience.
> >
> > Cheers
> >
> > On Thursday 04 June 2009 06:34:31 pm Markus Moeller wrote:
> >> Mike,
> >>
> >> I do the following ( I think the dictionary error is the reason I don't
> >> have a username as an attribute) :
> >>
> >> radpwtst -secret secret -s devserver04 -auth_port 1812 -acct_port 1813
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 1 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 6 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 4 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 32 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 5 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 30 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 31 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 61 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:32 2009: ERR: Attribute number 2 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:32 2009: WARNING: No such attribute Unknown
> >> sending Access-Request...
> >> No reply
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 1 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 6 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 4 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 32 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 5 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 61 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 44 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 40 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 30 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 31 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: ERR: Attribute number 41 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:37 2009: WARNING: No such attribute Unknown
> >> sending Accounting-Request Start...
> >> No reply
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 1 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 6 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 4 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 32 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 5 is not defined in your
> >> dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 61 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 44 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 40 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 30 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 31 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 41 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 46 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 42 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: ERR: Attribute number 43 is not defined in
> >> your dictionary
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> Thu Jun  4 08:29:42 2009: WARNING: No such attribute Unknown
> >> sending Accounting-Request Stop...
> >> No reply
> >>
> >> The radiator log with trace 4 is:
> >>
> >> Thu Jun  4 08:29:28 2009: DEBUG: include
> >> /opt/radiator/etc/radiator_tacacs.cfg
> >> Thu Jun  4 08:29:28 2009: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
> >> Thu Jun  4 08:29:28 2009: DEBUG: include
> >> /opt/radiator/etc/radiator_log.cfg
> >> Thu Jun  4 08:29:28 2009: DEBUG: include
> >> /opt/radiator/etc/radiator_clients.cfg
> >> Thu Jun  4 08:29:28 2009: DEBUG: include
> >> /opt/radiator/etc/radiator_authby.cfg
> >> Thu Jun  4 08:29:28 2009: DEBUG: Finished reading configuration file
> >> '/opt/radiator/etc/radiator.cfg'
> >> Thu Jun  4 08:29:28 2009: DEBUG: Reading dictionary file
> >> '/opt/radiator/etc/dictionary'
> >> Thu Jun  4 08:29:28 2009: DEBUG: Creating authentication port
> >> 0.0.0.0:1812
> >> Thu Jun  4 08:29:28 2009: DEBUG: Creating accounting port 0.0.0.0:1813
> >> Thu Jun  4 08:29:28 2009: NOTICE: Server started: Radiator 4.3.1 on
> >> devserver04
> >> Thu Jun  4 08:29:32 2009: DEBUG: Packet dump:
> >> *** Received from 10.129.189.216 port 56607 ....
> >> Code:       Access-Request
> >> Identifier: 197
> >> Authentic:  <u<14><195><166>:7<19><220><224>xT<128>N<239><180>
> >> Attributes:
> >>
> >> Thu Jun  4 08:29:32 2009: DEBUG: Handling request with Handler
> >> 'DeviceType="generic",AuthType="radius"'
> >> Thu Jun  4 08:29:32 2009: DEBUG:  Deleting session for , 10.129.189.216,
> >> Thu Jun  4 08:29:32 2009: DEBUG: Handling with Radius::AuthGROUP:
> >> PAMAuthentication
> >> Thu Jun  4 08:29:32 2009: DEBUG: Handling with PAM service Radiator
> >> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
> >> name'
> >> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
> >> name'
> >> Thu Jun  4 08:29:32 2009: DEBUG: PAM is asking for 2: 'Please enter user
> >> name'
> >>
> >>
> >> Radiator config extract:
> >>
> >> #
> >> #       Authentication via PAM (Kerberos)
> >> #
> >> # the Service Tags must be present in /etc/pam.conf:
> >> #
> >> <AuthBy PAM>
> >>         Identifier PAMAuthentication
> >>         Service Radiator
> >> </AuthBy>
> >>
> >>
> >> It runs on Solaris 10 sparc
> >>
> >> /etc/pam.conf with Russ Allbery module
> >>
> >> Radiator auth requisite          pam_authtok_get.so.1
> >> Radiator auth required           pam_krb5-3.13.so realm=TESTDOMAIN.COM
> >> minimum_uid=100 use_first_pass no_ccache debug
> >>
> >> Regards
> >> Markus
> >>
> >> ----- Original Message -----
> >> From: "Mike McCauley" <mikem at open.com.au>
> >> To: "Markus Moeller" <huaraz at moeller.plus.com>
> >> Sent: Wednesday, June 03, 2009 11:18 PM
> >> Subject: Re: [RADIATOR] Possible DOS attack against radiator with
> >> AuthPAM.pm ?
> >>
> >> > Hello Markus,
> >> >
> >> > On Thursday 04 June 2009 07:46:55 am Markus Moeller wrote:
> >> >> I noticed when I use radpwtst without a username/password to send a
> >> >> request to Radiator which is configured with AuthPAM.pm, Radiator loops
> >> >> indefinitely in pam_conv_func. With trace enabled I get millions of
> >> >> messages like "PAM is asking for 2: '....." filling up my disk.
> >> >
> >> > When you say 'without a username/password' do you mean they were
> >> > blank, or that the attributes were not present in the request?
> >> >
> >> > How exactly did you reproduce this?
> >> >
> >> > Cheers.
> >> >
> >> >> Markus
> >> >
> >> > --
> >> > Mike McCauley                               mikem at open.com.au
> >> > Open System Consultants Pty. Ltd
> >> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> >> > http://www.open.com.au
> >> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >> >
> >> > Radiator: the most portable, flexible and configurable RADIUS server
> >> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> >> > TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full
> >> > source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> >



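The failure mode discussed in this thread, simulated as an added example that is not Radiator's AuthPAM.pm code and not the project's patch: a PAM stack that keeps re-asking for a user name (the repeated "PAM is asking for 2" lines in the trace) is handed a request whose User-Name is either absent or "", and the conversation function answers it with nothing every time. `FakePamStack`, `handle_unfixed`, `handle_fixed` and `reproduces_hang` are constructed names for this simulation; `FakePamStack` stands in for a module such as pam_authtok_get and caps its own loop only so the simulation terminates. `handle_fixed` shows the check the thread converges on (reject unless the user name is non-empty, the Perl `unless $user_name` form rather than `unless defined $user_name`) plus a second, bounded conversation so that any other re-prompt ends in a REJECT instead of a spinning worker.

```python
"""Constructed simulation of the AuthPAM re-prompt loop and two guards against it.

Added example; this is not Radiator's AuthPAM.pm. FakePamStack is a stand-in
for a PAM module that re-asks for a user name whenever the conversation
function hands back nothing (None or "").
"""
from typing import Callable, Dict, Optional

PAM_PROMPT_ECHO_OFF = 1   # password prompt
PAM_PROMPT_ECHO_ON = 2    # user-name prompt ("PAM is asking for 2" in the log)

Conv = Callable[[int, str], Optional[str]]


class PamLoopDetected(Exception):
    """Raised when the conversation is being driven around in circles."""


class FakePamStack:
    """Constructed PAM stand-in: re-prompts until it gets a non-empty user name."""

    def __init__(self, users: Dict[str, str], hang_after: int = 10_000,
                 reprompt_always: bool = False):
        self.users = users
        self.hang_after = hang_after          # "loops forever", capped so tests end
        self.reprompt_always = reprompt_always  # misbehaving module: never accepts
        self.prompts = 0

    def authenticate(self, conv: Conv) -> bool:
        while True:
            self.prompts += 1
            if self.prompts > self.hang_after:
                raise PamLoopDetected(f"{self.prompts - 1} user-name prompts unanswered")
            user = conv(PAM_PROMPT_ECHO_ON, "Please enter user name")
            if user and not self.reprompt_always:   # '' and None both re-prompt
                break
        password = conv(PAM_PROMPT_ECHO_OFF, "Password")
        return self.users.get(user) == password


def request_conv(attrs: Dict[str, Optional[str]]) -> Conv:
    """Conversation that answers prompts straight from the RADIUS attributes."""
    def conv(style: int, _prompt: str) -> Optional[str]:
        if style == PAM_PROMPT_ECHO_ON:
            return attrs.get("User-Name")     # None when the attribute is absent
        return attrs.get("User-Password")
    return conv


def handle_unfixed(attrs: Dict[str, Optional[str]], pam: FakePamStack) -> str:
    """Behaviour reported on the list: hands whatever it has to PAM and spins."""
    return "ACCEPT" if pam.authenticate(request_conv(attrs)) else "REJECT"


def reproduces_hang(attrs: Dict[str, Optional[str]], pam: FakePamStack) -> bool:
    """True when the unfixed handler only stops because the stand-in's cap trips."""
    try:
        handle_unfixed(attrs, pam)
    except PamLoopDetected:
        return True
    return False


def handle_fixed(attrs: Dict[str, Optional[str]], pam: FakePamStack,
                 max_prompts: int = 3) -> str:
    """Guard 1: reject before PAM when User-Name is absent OR empty (the
    `unless $user_name` check). Guard 2: bound the number of user-name
    prompts so an unforeseen re-prompt still ends in a REJECT."""
    user_name = attrs.get("User-Name")
    if not user_name:
        return "REJECT: missing or empty User-Name"

    inner = request_conv(attrs)
    asked = 0

    def bounded(style: int, prompt: str) -> Optional[str]:
        nonlocal asked
        if style == PAM_PROMPT_ECHO_ON:
            asked += 1
            if asked > max_prompts:
                raise PamLoopDetected(f"PAM asked for the user name {asked} times")
        return inner(style, prompt)

    try:
        ok = pam.authenticate(bounded)
    except PamLoopDetected as exc:
        return f"REJECT: {exc}"
    return "ACCEPT" if ok else "REJECT: bad credentials"
```

One caveat on the Perl form itself: `unless $user_name` treats the string "0" as false as well, so a site that really has a user named "0" would want `unless defined $user_name && length $user_name` instead; the Python guard above has no such edge because a non-empty string is always truthy there.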