Dear Chris Parker, There is more info on this issue on http://www.security.nnov.ru/search/news.asp?binid=1563
It should also be pointed that some attacks require ability to modify traffic. It's possible if one of routers compromised directly or via spoofed arp entry. There is no attack to succeed immdeiatly and all attack require long time to succeed (if you change shared secret on regular basis it will be hard to attack you). There are few points where traffic modification allow privelege escalation (for example NAS may send request for shell access, this request will be changed by M-i-t-M to PPP access request. RADIUS will authenticate PPP access and attacker will get shell access to device instead of PPP. There is also a weakness in a way MS-CHAP implemented in RADIUS. In fact, most of these attack are theoretical and it's almost impossible to use in practice. --Wednesday, May 15, 2002, 5:58:17 PM, you wrote to [EMAIL PROTECTED]: CP> At 03:18 PM 5/15/2002 +1000, Andrew Tait wrote: >>http://www.untruth.org/~josh/security/radius/radius-auth.html >> >>For those interested in finding out how easy. CP> All predicated on the assumption that the attacker has access to the CP> network traffic between the client ( NAS ) and the radius server. Like CP> I said before, if an attacker has access to your network in such a manner CP> there are *lot* of interesting things they can do, cracking radius is CP> just one of them. :) CP> -Chris CP> -- CP> \\\|||/// \ StarNet Inc. \ Chris Parker CP> \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering CP> | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 CP> oOo---(_)---oOo--\------------------------------------------------------ CP> \ Wholesale Internet Services - http://www.megapop.net CP> - CP> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA ���� ��� ������ ������, ��� ��������� ����� �����. (���) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
