From: Marc La Porte (marc.a.laporte@gmail.com)
Date: Sun Jul 13 2008 - 05:28:52 ART
Hi Petr,
Thanks for the clarification, but it doesn't look like a typo though (unless
my brain is out of order ;-)
FYI, it's VOL3, Lab 6, Task 3.7.... and the config works...

R3:
username Rack3R4 password CISCO
username Rack3R5 password CISCO
!
int multilink34
 ppp authentication pap
 ppp pap sent-username Rack3R4 password CISCO
!
int multilink35
 ppp authentication chap

R4:
username Rack3R3 password CISCO
!
int multilink34
 ppp authentication pap
 ppp pap sent-username Rack3R3 password CISCO

R5:
username Rack3R3 password CISCO
!
int multilink35
 ppp authentication chap

Marc
On Sun, Jul 13, 2008 at 10:21 AM, Petr Lapukhov <petr@internetworkexpert.com>
wrote:
> The problem is that the same username and password you are sending in CLEAR
> text using PAP are also configured globally in the same router (looks like
> it's just a typo in your config, since you probably want to send Rack3R3).
> That means that the global names could be used by R3 for CHAP authentication
> (if R3 is configured for CHAP), and a malicious user can sniff the PAP exchange
> and later *potentially* spoof CHAP credentials authenticating with R3.
> AFAIK this warning only happens when you send a PAP name/password which
> coincides with globally configured username and password.
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2008/7/13 Marc La Porte <marc.a.laporte@gmail.com>:
>
>> Rack3R3(config-if)# ppp pap sent-username Rack3R4 password CISCO
>> PPP: Warning: You have chosen a username/password combination that
>> is valid for CHAP. This is a potential security hole.
>>
>>
>> complete config R3:
>> username Rack3R4 password CISCO
>> username Rack3R5 password CISCO
>> !
>> int multilink34
>> ppp authentication pap
>> ppp pap sent-username Rack3R4 password CISCO
>> !
>> int multilink35
>> ppp authentication chap
>>
>>
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART
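
The condition behind the warning discussed in this thread can be checked offline against a saved configuration. The script below is an added example, not part of the original messages and not Cisco code: it flags any interface whose "ppp pap sent-username" pair matches a global "username ... password ..." entry and lists the interfaces on the same router that authenticate with CHAP. The function name audit, the regular expressions and the sample text are assumptions made for illustration, and passwords are assumed to be stored in cleartext as in the posted config.

```python
import re

# Constructed sample: R3's configuration as posted in the thread.
R3_CONFIG = """\
username Rack3R4 password CISCO
username Rack3R5 password CISCO
!
int multilink34
 ppp authentication pap
 ppp pap sent-username Rack3R4 password CISCO
!
int multilink35
 ppp authentication chap
"""

# Hypothetical patterns for the four line types that matter here.
USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+(?:0\s+)?(\S+)", re.I)
INTF_RE = re.compile(r"^int\S*\s+(\S+)", re.I)
PAP_RE = re.compile(r"^ppp pap sent-username\s+(\S+)\s+password\s+(?:0\s+)?(\S+)", re.I)
CHAP_RE = re.compile(r"^ppp authentication\b.*\bchap\b", re.I)

def audit(config):
    """Return one finding per PAP sent-username that reuses a global credential."""
    users, pap_sent, chap_intfs, intf = {}, [], [], None
    for line in config.splitlines():
        s = line.strip()
        if m := USER_RE.match(s):
            users[m.group(1)] = m.group(2)           # global username database
        elif m := INTF_RE.match(s):
            intf = m.group(1)                        # track current interface
        elif m := PAP_RE.match(s):
            pap_sent.append((intf, m.group(1), m.group(2)))
        elif CHAP_RE.match(s):
            chap_intfs.append(intf)
    # A credential sent in cleartext by PAP that is also in the global
    # database is the combination the warning in the thread refers to.
    return [
        {"pap_interface": i, "username": name, "chap_interfaces": list(chap_intfs)}
        for i, name, pw in pap_sent
        if users.get(name) == pw
    ]

if __name__ == "__main__":
    for finding in audit(R3_CONFIG):
        print(finding)
```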