[RADIATOR] EAP Response type 25, but no expected type known - Rogue Access Point?

Heikki Vatiainen hvn at open.com.au
Wed Sep 4 12:59:58 UTC 2019


On 04/09/2019 15.13, Ullfig, Roberto Alfredo wrote:

> While this might be true:
> 
> "..then the trusted AP would force the end user to start authentication 
> from the scratch"
> 
> That user's device is still going to send that UDP packet to the new AP 
> and end up on our server no?

It won't be sending UDP directly. See, for example below, for diagrams 
and how it the user's device must use EAPOL, not UDP, to send and 
receive authentication messages.

https://en.wikipedia.org/wiki/IEEE_802.1X

I was just thinking about WLAN gear that does not enforce port control 
correctly. Most likely these kinds of legimate devices would be 
malfunctioning if they pass through messages that do not follow the 
expected authentication sequence.

> Also, it doesn't have to be  a rogue AP 
> does it, it could be someone else's legitimate AP that just happens to 
> be near one of our APs.

I'd still say that correctly functioning APs would not pass any EAP 
messages through but would force the end user to start with 
EAPOL/EAP-Request/Identity. However, I'm not that familiar ways various 
devices work to say exactly what's possible.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.


More information about the radiator mailing list