Re: Radius and tacacs+
From: Blake Matheny (bmatheny_at_mkfifo.net)
Date: 09/12/03
- Previous message: Ranjeet Shetye: "RE: Cracking a Netscreen password"
- In reply to: mmo_at_remote-exploit.org: "Radius and tacacs+"
Date: Fri, 12 Sep 2003 11:52:22 -0400
To: mmo@remote-exploit.org
There are several vulnerabilities in the Radius protocol (replay attacks,
etc.). This is why Diameter was proposed as the replacement standard. No one
has seemed to really get behind it for some strange reason though.
You should read this:
http://www.untruth.org/~josh/security/radius/radius-auth.html
if you haven't already. Also, other than vulnerabilities in the protocol,
looking at the backend (i.e. LDAP, SecurID, etc.) can be extremely fruitful.
-Blake
Whatchu talkin' 'bout, Willis?
> Hi there,
>
> Two small questions:
>
> I'd just like to know what your favorites are for analyzing/pentesting
> radius authentications / radius communication.
>
> 2nd:
> Have some of you already tested LEAP in a heavy pentest?
>
> Greetings
>
> Max
--
Blake Matheny
bmatheny@mkfifo.net
http://www.mkfifo.net
http://ovmj.org/GNUnet/

"... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs." --Robert Firth