From: Blake Matheny (bmatheny@mkfifo.net)
Date: Fri Sep 12 2003 - 11:52:22 EDT
There are several vulnerabilities in the Radius protocol (replay attacks,
etc.). This is why Diameter was proposed as the replacement standard. No one
has seemed to really get behind it for some strange reason though.
You should read this:
http://www.untruth.org/~josh/security/radius/radius-auth.html
if you haven't already. Also, other than vulnerabilities in the protocol,
looking at the backend (i.e. LDAP, SecurID, etc.) can be extremely fruitful.
-Blake
Whatchu talkin' 'bout, Willis?
> Hi there,
>
> Two small questions:
>
> I'd just like to know, what are your favorites for analyzing/pentesting
> radius authentications / radius communication.
>
> 2nd:
> Have any of you already tested LEAP in a heavy pentest?
>
> Greetings
>
> Max
>
--
Blake Matheny
bmatheny@mkfifo.net
http://www.mkfifo.net
http://ovmj.org/GNUnet/

"... one of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs." --Robert Firth
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT