Date: Sat, 13 Jan 2018 02:17:52 -0800
From: Eitan Adler <lists@eitanadler.com>
To: Victor Sudakov <vas@mpeks.tomsk.su>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: Fwd: Re: Quasi-enterprise WiFi network
Message-ID: <CAF6rxgkDugr=dcYptufVR71Fn9pdAtmxZfKe8QwQpChUN0ckTQ@mail.gmail.com>
In-Reply-To: <20180113095553.GA19901@admin.sibptus.transneft.ru>
References: <CAOjFWZ6kYSTKmPHpQqd%2BywrUNVLcG6JNzwFJYPyt5z1H4HeRUw@mail.gmail.com>
 <20180107180422.GA46756@admin.sibptus.transneft.ru>
 <52165.108.68.171.12.1515350430.squirrel@cosmo.uchicago.edu>
 <CAOjFWZ5j%2BixKVc0cy6ik=BuU0nmpdUgFyePAVDouKmS=MM9vOg@mail.gmail.com>
 <20180108072035.GB52442@admin.sibptus.transneft.ru>
 <CAOjFWZ6XY2pHaVUqwSxL=hK9VdKh0ZdFMeHMdbhsDC=z8zngYw@mail.gmail.com>
 <20180113095553.GA19901@admin.sibptus.transneft.ru>

On 13 January 2018 at 01:55, Victor Sudakov <vas@mpeks.tomsk.su> wrote:
>
>
> Are there any network experts willing to look at the dump of RADIUS
> traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?

From wireshark:

PEAP / EAP-MD5-CHALLENGE

Extensible Authentication Protocol
    Code: Request (1)
    Id: 2
    Length: 6
    Type: Protected EAP (EAP-PEAP) (25)
    EAP-TLS Flags: 0x20

Frame 2: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: D-LinkIn_33:c9:7c (c4:12:f5:33:c9:7c), Dst: Tp-LinkT_80:65:0d (98:de:d0:80:65:0d)
Internet Protocol Version 4, Src: 192.168.4.1, Dst: 192.168.4.15
User Datagram Protocol, Src Port: 1812, Dst Port: 49565
RADIUS Protocol
    Code: Access-Challenge (11)
    Packet identifier: 0x1f (31)
    Length: 80
    Authenticator: 3ee26ab2364064973ef2ce988915ca8b
    [This is a response to a request in frame 1]
    [Time from request: 0.000410000 seconds]
    Attribute Value Pairs
        AVP: l=24 t=EAP-Message(79) Last Segment[1]
            Type: 79
            Length: 24
            EAP fragment: 0101001604106e9f4093168606ff0e9d7d965c20a895
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 1
                Length: 22
                Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4)
                    [Expert Info (Warning/Security): Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Vulnerable to MITM attacks. If possible, change EAP type.]
                        [Severity level: Warning]
                        [Group: Security]
                EAP-MD5 Value-Size: 16
                EAP-MD5 Value: 6e9f4093168606ff0e9d7d965c20a895
        AVP: l=18 t=Message-Authenticator(80): dff9594bbb81d39e12716aae961454e0
            Type: 80
            Length: 18
            Message-Authenticator: dff9594bbb81d39e12716aae961454e0
        AVP: l=18 t=State(24): 6bf59ce96bf4982c16a18f64a0068706
            Type: 24
            Length: 18
            State: 6bf59ce96bf4982c16a18f64a0068706

> I'd like to
> understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
> is actually being used (and why the Android devices are readily
> trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
> it).
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> AS43859
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

-- 
Eitan Adler
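
Added example, not part of the original message: a Python decoder that extracts the EAP-Message attribute from the Access-Challenge in frame 2 and reads the EAP method from it, which is how the flavour in use can be checked without Wireshark. The packet bytes are rebuilt from the field values in the Wireshark output above, and the function and constant names are this example's own.

```python
import struct

# EAP method numbers from the IANA EAP registry, for the flavours in the thread.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_MESSAGE = 79  # RADIUS attribute that carries EAP (RFC 3579)

# Access-Challenge rebuilt from the field values in the Wireshark output above.
FRAME_2 = bytes.fromhex(
    "0b1f0050" "3ee26ab2364064973ef2ce988915ca8b"
    "4f18" "0101001604106e9f4093168606ff0e9d7d965c20a895"
    "5012" "dff9594bbb81d39e12716aae961454e0"
    "1812" "6bf59ce96bf4982c16a18f64a0068706")
# The 6-byte EAP request from the first excerpt (Id 2, type 25, flags 0x20).
PEAP_START = bytes.fromhex("010200061920")


def eap_from_radius(packet):
    """Concatenate the EAP-Message attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    eap, pos = b"", 20  # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        if atype == EAP_MESSAGE:  # long EAP packets span several attributes
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap


def decode_eap(eap):
    """Return the code, id, length and method of one EAP packet."""
    if len(eap) < 4:
        raise ValueError("shorter than the EAP header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length field")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        info["type"] = EAP_TYPES.get(eap[4], eap[4])
        if eap[4] in (13, 21, 25) and length >= 6:  # TLS-based methods
            info["start"] = bool(eap[5] & 0x20)  # S bit: TLS handshake begins
    return info
```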