Re: DoS Attack against many RADIUS servers

From: David Frascone (daveat_private)
Date: Fri Feb 22 2002 - 10:07:51 PST


    This is a common problem with the way RADIUS does its retransmissions.
    
    Any flood of requests will cause the server to kill itself with the
    UDP retransmissions.  And, if requests take too long, the protocol will
    break, since it can only have 254 (or is it 253) active requests alive at
    any one given time.  (A single character identifier)
    
    That's why the IETF created Diameter, which will one day replace RADIUS,
    and is not susceptible to this type of DoS attack.
    
    -Dave
    
    
    
    On Thursday, 21 Feb 2002, Alan DeKok wrote:
    >   There was a report recently to the maintainers of FreeRADIUS of a
    > DoS attack against it.  For background, FreeRADIUS is a free software
    > RADIUS authentication, authorization, and accounting server. [1]
    > 
    > 
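
Added example, not part of the original message and not FreeRADIUS code: a server-side duplicate-detection sketch showing how the one-octet Identifier in the RADIUS header (RFC 2865) bounds the requests one client socket can have remembered, and how a retransmission is told apart from identifier reuse. The names DuplicateCache, classify and demo, the 30 second TTL and the client address are assumptions made for illustration.

```python
import struct
import time

# RADIUS header, RFC 2865 section 3: code, identifier, length, authenticator.
HEADER = struct.Struct("!BBH16s")
ACCESS_REQUEST = 1

def build_request(ident, authenticator):
    """Constructed sample Access-Request with no attributes (20 octets)."""
    return HEADER.pack(ACCESS_REQUEST, ident, HEADER.size, authenticator)

def parse_header(datagram):
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the RADIUS header")
    code, ident, length, authenticator = HEADER.unpack_from(datagram)
    if not HEADER.size <= length <= min(len(datagram), 4096):
        raise ValueError("length field disagrees with the datagram")
    return code, ident, authenticator

class DuplicateCache:
    """Hypothetical helper: remembers requests per (source, identifier)."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock, self.seen = ttl, clock, {}

    def classify(self, src, datagram):
        _code, ident, authenticator = parse_header(datagram)
        now = self.clock()
        # Simple expiry sweep; a production server would age entries incrementally.
        self.seen = {k: v for k, v in self.seen.items() if now - v[1] < self.ttl}
        previous = self.seen.get((src, ident))
        if previous and previous[0] == authenticator:
            return "retransmit"   # answer from cache or drop; do not redo the work
        self.seen[(src, ident)] = (authenticator, now)
        # Same source and identifier, different authenticator: the one-octet
        # identifier wrapped while the earlier request was still remembered.
        return "id-reuse" if previous else "new"

    def outstanding(self, src):
        return sum(1 for source, _ in self.seen if source == src)

def demo():
    cache = DuplicateCache()
    src = ("192.0.2.10", 49152)   # constructed client address (TEST-NET-1)
    verdicts = [cache.classify(src, build_request(n % 256, n.to_bytes(16, "big")))
                for n in range(257)]            # 257 distinct requests, one socket
    verdicts.append(cache.classify(src, build_request(5, (5).to_bytes(16, "big"))))
    return verdicts, cache.outstanding(src)
```
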
    



    This archive was generated by hypermail 2b30 : Fri Feb 22 2002 - 16:40:36 PST