Re: [Openh323gk-users] Bug in radius ?


 



"So I put in Framed-IP-Address IP of the call origin, not destination..."

Well, I guess that this is a security "bug"..

If so, I have to associate the username "gigel" with both IPs....
    In Radius it would be:
        gigel : Framed-Ip-Address:192.168.0.135
        gigel : Framed-Ip-Address:192.168.0.136

    But .....
    If host 192.168.0.135 changes his alias from "alex" to gigel, then it
will be authenticated in gatekeeper, and all the accounting for that IP
would be done for user "gigel".......... And so, the user with
192.168.0.135 would happily talk to everybody, because 192.168.0.136 is
paying the bill.. :)


And that, in my opinion, is a little bit tricky...


And, from another point of view.. I should then associate for every customer
I have all other customers IP.. And for, let's say 1000 clients,
I would have in the Radius database 1000*1000 records.... If a
new customer joins in, I'll spend a lot of time only to add him to the
lists of other customers allowed calledstationip..


                                                                Thanks


Alex

----- Original Message ----- 
From: "Zygmuntowicz Michal" <m.zygmuntowicz@onet.pl>
To: <openh323gk-users@lists.sourceforge.net>
Sent: Wednesday, July 16, 2003 1:51 PM
Subject: Re: [Openh323gk-users] Bug in radius ?


> Hello Alex,
>
> I do not know whether it is a bug or not. This Access-Request is sent
> to query Radius server whether the terminal "alex" can receive incoming
> call from terminal "gigatel" (that's why Service-Type is CallCheck).
> So I put in Framed-IP-Address IP of the call origin, not destination.
> But I am not sure if it is correct, so if a few people confirm that it
> would be better to put here always IP associated with Username, then
> I will fix it.
> If it does not suit you now, it is enough to change one if condition in
> the source code to get behaviour you need. I can give you more details
> on priv, if you wish.
>
> More concerning thing is that this request does not have
> Calling-Station-Id attribute.
> Is it omitted from the text, or not sent at all?
>
> ----- Original Message ----- 
> From: "Alexandru Coseru" <alex_spam@distinctgroup.net>
> To: <openh323gk-users@lists.sourceforge.net>
> Sent: Wednesday, July 16, 2003 11:38 AM
> Subject: [Openh323gk-users] Bug in radius ?
>
>
> It seems there is a bug in radius modules..
> Using radius authentication & accounting, and running radiusd in debug
> mode, I've noticed that:
>
> rad_recv: Access-Request packet from host 127.0.0.1:33606, id=59, length=219
>         User-Name = "alex"
>         User-Password = "alex"
>         NAS-IP-Address = 192.168.0.25
>         NAS-Identifier = "stgk02"
>         NAS-Port-Type = Virtual
>         Service-Type = Call-Check
>         Framed-IP-Address = 192.168.0.136
>         Called-Station-Id = "961"
>         h323-conf-id = "h323-conf-id=2134F4D 74BC2FBC 56343434 34EF0000"
>         h323-call-origin = "h323-call-origin=answer"
>         h323-call-type = "h323-call-type=VoIP"
>         h323-gw-id = "h323-gw-id=stgk02"
>
> Well, it seems like a normal request.. But... terminal "alex" is not
> at 192.168.0.136.. That's the IP of callingstation..
> So, I have an auth req with user, password from calledstation and ip from
> callingstation..
> Is this normal ?
> Here is a telnet to gk:
>
> printallregistrations
> AllRegistrations
> RCF|192.168.0.135:1720|alex:h323_ID=961:dialedDigits|terminal|5815_endp
> RCF|192.168.0.136:1720|gigel:h323_ID=00502d002834:h323_ID|terminal|5816_endp
> Number of Endpoints: 2
>
> That happened when I have dialed from gigel (192.168.0.136) the number
> 961 (which is the number of alex (192.168.0.135)).
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> List: Openh323gk-users@lists.sourceforge.net
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/



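The mismatch discussed in this thread, as an added example (not code from GnuGk or from either poster): it parses the radiusd attribute dump and the `printallregistrations` lines quoted above and reports how Framed-IP-Address relates to the IP that User-Name registered from. The function names and result strings are hypothetical, and the sample attributes are trimmed to the ones the check reads.

```python
import re

# Sample input copied from the radiusd debug output and the gatekeeper
# "printallregistrations" listing quoted in this thread (attributes trimmed).
RADIUS_DUMP = """rad_recv: Access-Request packet from host 127.0.0.1:33606, id=59, length=219
        User-Name = "alex"
        Service-Type = Call-Check
        Framed-IP-Address = 192.168.0.136
        h323-call-origin = "h323-call-origin=answer"
"""
REGISTRATIONS = """RCF|192.168.0.135:1720|alex:h323_ID=961:dialedDigits|terminal|5815_endp
RCF|192.168.0.136:1720|gigel:h323_ID=00502d002834:h323_ID|terminal|5816_endp
"""

def parse_attributes(dump):
    """Turn indented 'Name = value' lines of a radiusd dump into a dict."""
    attrs = {}
    for line in dump.splitlines():
        m = re.match(r'\s+([\w-]+) = "?(.*?)"?\s*$', line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def parse_registrations(listing):
    """Map every alias in the RCF lines to the IP it registered from."""
    alias_to_ip = {}
    for line in listing.splitlines():
        fields = line.split("|")
        if len(fields) < 3 or fields[0] != "RCF":
            continue
        ip = fields[1].rsplit(":", 1)[0]
        for alias in fields[2].split("="):   # "name:type=name:type"
            alias_to_ip[alias.split(":", 1)[0]] = ip
    return alias_to_ip

def classify(attrs, alias_to_ip):
    """Hypothetical helper: relate Framed-IP-Address to User-Name's registration."""
    registered = alias_to_ip.get(attrs.get("User-Name"))
    framed = attrs.get("Framed-IP-Address")
    if registered is None:
        return "unknown-user"
    if framed == registered:
        return "ip-matches-user"
    if (attrs.get("Service-Type") == "Call-Check"
            and attrs.get("h323-call-origin", "").endswith("=answer")):
        # Case from the thread: called party's credentials, caller's IP.
        callers = sorted(a for a, ip in alias_to_ip.items() if ip == framed)
        return "answer-leg-caller-ip:" + ",".join(callers)
    return "ip-mismatch"

if __name__ == "__main__":
    print(classify(parse_attributes(RADIUS_DUMP), parse_registrations(REGISTRATIONS)))
```

Separating the answer-leg Call-Check from a plain mismatch lets a per-user IP rule stay bound to one address instead of listing every possible caller under the called user.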
