At 08:34 PM 7/15/2002 -0400, Ilguiz Latypov wrote:
>I agree that promiscuous authentication is not how FreeRadius was supposed
>to work. Sorry for not reading the documentation first. I thought that
>communication between Radius clients and servers is secure by design. Is
>this not always true?
Nothing is 100% secure. As with most protocols, there are ways that an
attack can be performed against a RADIUS infrastructure. There are many
steps taken to reduce the possiblity of an attack, by making it as difficult
as possible to perform. Enabling promiscuous auth does away with one of
the measures put in place to reduce exposure, which is only answering
auth-requests from *known* ip addresses.
(yes, ip's can be spoofed, but spoofing is harder than not having to spoof).
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
