Taskforce Mobility Mailarchive


Subject Effects of Incorrect EAP Termination in eduroam
From Jan Tomasek <jan.tomasek@xxxxxxxxx>
Date Wed, 18 Jun 2008 16:58:34 +0200

Hi,

A few months ago I discovered a very interesting effect of incorrect EAP termination in eduroam. An incorrectly configured FreeRADIUS 1.x.x server (but not only FreeRADIUS) might be used as a proxy for hiding the true identity of a user. Because this mistaken configuration is part of the "eduroam cookbook", the number of misconfigured servers might be quite high. But I first published this problem in February in GN2-SA5, so I hope that most of the misconfigured servers are fixed now.

Detailed description of the problem and its solution:

http://www.cesnet.cz/doc/techzpravy/2008/incorrect-eap-termination-in-eduroam/



I suggest that all NREN-level admins check all their realms. Tools are part of my report above.

Have fun ;)
--
--------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://staff.cesnet.cz/~semik         Zikova 4, 160 00 Praha 6
phone: +420 234 680 279               Czech Republic
phone: +420 312 661 010               http://www.cesnet.cz/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature