PPPOE password sniffing

From: Nikolaj (lorddoskias@gmail.com)
Date: Tue Jan 23 2007 - 08:24:38 EST

• Next message: Ezequiel Sallis: "RE: Wikto and googling"
• Previous message: Michael Starr: "RE: Wikto and googling"
• Next in thread: alexpheno@gmail.com: "Re: PPPOE password sniffing"
• Maybe reply: alexpheno@gmail.com: "Re: PPPOE password sniffing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm playing with pppoe for the time being and I noticed something rather
peculiar. I'm authenticating against radius server, and the
Authentication says it is PAP - eg. clear text passwords. I've read
through rfc 2516 and there is nothing said about the authentication with
  password. I'm wondering whether there is a way to sniff such
passwords? I tried sniffing my own connection when I was connecting to
the pppoe NAS but no luck. Where are the password and username contained
- in the payload of some of the PAD* packets?

Regards.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Ezequiel Sallis: "RE: Wikto and googling"
• Previous message: Michael Starr: "RE: Wikto and googling"
• Next in thread: alexpheno@gmail.com: "Re: PPPOE password sniffing"
• Maybe reply: alexpheno@gmail.com: "Re: PPPOE password sniffing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:33 EDT