vertito wrote:
My question is:
- What can a malicious user do with the secret? Can it alter
accounting and other things? (chillispot uses chap auth-type)
one is spell it out and try rumble it so he forms a new word from it
Is it a real security problem? I will be using accounting for facturation
purposes...
I am not sure what you mean by facturation. If a hacker knows the
shared secret, he can assume the identity of the NAS and can utilize the
RADIUS server in any way the NAS could, including injecting fake
accounting packets, fake auth packets, whatever. This could potentially
open up the potential for a DoS attack. For these reasons you should
always keep this secret, hence shared SECRET ;-) But this is the way
RADIUS works according to the RFCs. It isn't just a FreeRADIUS thing.
Chris Carver
Network Engineer