[89391] in North American Network Operators' Group
Re: Security problem in PPPoE connection
daemon@ATHENA.MIT.EDU (Joe Shen)
Mon Mar 13 02:20:02 2006
Date: Mon, 13 Mar 2006 15:19:32 +0800 (CST)
From: Joe Shen <joe_hznm@yahoo.com.sg>
To: Niels Bakker <niels=nanog@bakker.net>, nanog@merit.edu
In-Reply-To: <20060312133925.GF1469@burnout.tpb.net>
Errors-To: owner-nanog@merit.edu
> >What's your method to deal with such problem? Will
> CHAP in PPPoE help?
>
> That may help against password sniffing but won't
> help against sniffing
> traffic by an active attacker once the session has
> been established.
> Also, you'll have to revisit all CPE to explicitly
> disable PAP, or an
> active attacker could still steal the password if he
> impersonates the
> real PPPoE server.
If we enable CHAP on BRAS, is it enough that asking
subscriber to enable Chap on MS-windows dial
connection or Linux ? Need we install some other
tools?
Regards
Joe
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 1GB free storage!
http://sg.whatsnew.mail.yahoo.com
