Fwd: Re: Quasi-enterprise WiFi network

Eitan Adler lists at eitanadler.com
Sat Jan 13 10:18:24 UTC 2018 

On 13 January 2018 at 01:55, Victor Sudakov <vas at mpeks.tomsk.su> wrote:
>
>
> Are there any network experts willing to look at the dump of RADIUS
> traffic at http://noc.sibptus.ru/~sudakov/radius.pcap ?


>From wireshark: PEAP / EAP-MD5-CHALLENGE

Extensible Authentication Protocol
    Code: Request (1)
    Id: 2
    Length: 6
    Type: Protected EAP (EAP-PEAP) (25)
    EAP-TLS Flags: 0x20


Frame 2: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: D-LinkIn_33:c9:7c (c4:12:f5:33:c9:7c), Dst:
Tp-LinkT_80:65:0d (98:de:d0:80:65:0d)
Internet Protocol Version 4, Src: 192.168.4.1, Dst: 192.168.4.15
User Datagram Protocol, Src Port: 1812, Dst Port: 49565
RADIUS Protocol
    Code: Access-Challenge (11)
    Packet identifier: 0x1f (31)
    Length: 80
    Authenticator: 3ee26ab2364064973ef2ce988915ca8b
    [This is a response to a request in frame 1]
    [Time from request: 0.000410000 seconds]
    Attribute Value Pairs
        AVP: l=24 t=EAP-Message(79) Last Segment[1]
            Type: 79
            Length: 24
            EAP fragment: 0101001604106e9f4093168606ff0e9d7d965c20a895
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 1
                Length: 22
                Type: MD5-Challenge EAP (EAP-MD5-CHALLENGE) (4)
                    [Expert Info (Warning/Security): Vulnerable to MITM
attacks. If possible, change EAP type.]
                        [Vulnerable to MITM attacks. If possible, change
EAP type.]
                        [Severity level: Warning]
                        [Group: Security]
                EAP-MD5 Value-Size: 16
                EAP-MD5 Value: 6e9f4093168606ff0e9d7d965c20a895
        AVP: l=18 t=Message-Authenticator(80):
dff9594bbb81d39e12716aae961454e0
            Type: 80
            Length: 18
            Message-Authenticator: dff9594bbb81d39e12716aae961454e0
        AVP: l=18 t=State(24): 6bf59ce96bf4982c16a18f64a0068706
            Type: 24
            Length: 18
            State: 6bf59ce96bf4982c16a18f64a0068706




> I'd like to
> understand which EAP flavour out of many (PEAP, EAP-TLS, EAP-TTLS etc)
> is actually being used (and why the Android devices are readily
> trusting FreeRADIUS's test server certificate, I'm a bit uneasy about
> it).
>
> --
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> AS43859
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>



-- 
Eitan Adler

More information about the freebsd-net mailing list