When using a RADIUS server to proxy realms to different servers, you of course need a trusted relationship between the servers. (That's why there is a shared secret.) But what if one of the RADIUS servers is hacked or abused in any way? It looks to me that that single RADIUS server is then capable of doing an attack on the whole RADIUS infrastructure. You can just do a dictionary attack on a user you know about in a different network, through the proxy.
Is this true? Is it possible to prevent this kind of attack on the proxying RADIUS server? Is the best solution to prevent any proxy depth in the proxying server by, e.g., not proxying subrealms but just realms?
Regards, Paul
