From: Eitan Adler
Date: Sat, 13 Jan 2018 02:17:52 -0800
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
To: Victor Sudakov
Cc: "freebsd-net@freebsd.org"

On 13 January 2018 at 01:55, Victor Sudakov wrote:
>
> Are there any network experts willing to look at the dump of RADIUS
> traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?

From wireshark: PEAP / EAP-MD5-CHALLENGE

Extensible Authentication Protocol
    Code: Request (1)
    Id: 2
    Length: 6
    Type: Protected EAP (EAP-PEAP) (25)
    EAP-TLS Flags: 0x20

Frame 2: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: D-LinkIn_33:c9:7c (c4:12:f5:33:c9:7c), Dst: Tp-LinkT_80:65:0d (98:de:d0:80:65:0d)
Internet Protocol Version 4, Src: 192.168.4.1, Dst: 192.168.4.15
User Datagram Protocol, Src Port: 1812, Dst Port: 49565
RADIUS Protocol
    Code: Access-Challenge (11)
    Packet identifier: 0x1f (31)
    Length: 80
    Authenticator: 3ee26ab2364064973ef2ce988915ca8b
    [This is a response to a request in frame 1]
    [Time from request: 0.000410000 seconds]
    Attribute Value Pairs
        AVP: l=24 t=EAP-Message(79) Last Segment[1]
            Type: 79
            Length: 24
            EAP fragment: 0101001604106e9f4093168606ff0e9d7d965c20a895
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 1
                Length: 22
                Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4)
                    [Expert Info (Warning/Security): Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Severity level: Warning]
                        [Group: Security]
                EAP-MD5 Value-Size: 16
                EAP-MD5 Value: 6e9f4093168606ff0e9d7d965c20a895
        AVP: l=18 t=Message-Authenticator(80): dff9594bbb81d39e12716aae961454e0
            Type: 80
            Length: 18
            Message-Authenticator: dff9594bbb81d39e12716aae961454e0
        AVP: l=18 t=State(24): 6bf59ce96bf4982c16a18f64a0068706
            Type: 24
            Length: 18
            State: 6bf59ce96bf4982c16a18f64a0068706

> I'd like to
> understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
> is actually being used (and why the Android devices are readily
> trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
> it).
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> AS43859

--
Eitan Adler
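Added example (not part of the original message): a small parser that walks the RADIUS attributes of frame 2, rebuilt here from the field values in the dump above, and reports which EAP method the EAP-Message attribute carries. The function names and the EAP_TYPES table are this example's own; the type numbers come from the IANA EAP registry.

```python
import struct

# EAP method numbers (IANA EAP registry) relevant to this thread.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# RADIUS payload of frame 2, rebuilt from the field values in the dump above.
FRAME2 = bytes.fromhex(
    "0b1f0050" "3ee26ab2364064973ef2ce988915ca8b"
    "4f18" "0101001604106e9f4093168606ff0e9d7d965c20a895"
    "5012" "dff9594bbb81d39e12716aae961454e0"
    "1812" "6bf59ce96bf4982c16a18f64a0068706")

def radius_avps(packet):
    """Yield (type, value) for each RADIUS attribute, validating lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20                                  # skip header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad AVP length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def eap_in_radius(packet):
    """Reassemble EAP-Message (79) attributes and decode the EAP header."""
    eap = b"".join(v for t, v in radius_avps(packet) if t == 79)
    if len(eap) < 4:
        raise ValueError("no EAP packet")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:         # only Request/Response carry a Type
        info["type"] = EAP_TYPES.get(eap[4], eap[4])
        # True when MD5-Challenge is the outer method, visible in the RADIUS packet
        info["md5_outside_tunnel"] = (eap[4] == 4)
    return info

if __name__ == "__main__":
    print(eap_in_radius(FRAME2))
```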