Sniffing PAP/CHAP
Jonathan Care
jonc at lacunae.clara.co.uk
Thu, 1 Jun 2000 22:42:47 +0100
On Thu, 01 Jun 2000, Roland Perry wrote:
> A posting on uk.telecom has reminded me about PAP/CHAP authentication,
> where unless I am mistaken the username and password are exchanged over
> the network in encrypted form. How then will a passive interception
> system "sniff" the necessary information from the RADIUS server sessions
> to identify the suspect's session?
If you are using RADIUS, the interesting bit is not necessarily the traffic of
the authentication session itself, but the logging information (START, STOP, and
AUTH) which maps IP address to calling number ID, and shows the session
duration - all needed for billing, etc. This is sent in clear in UDP packets,
and hence is easily sniffable.
I cannot comment on the strength of the encryption algorithm used for PAP/CHAP
- my understanding is that PAP is a fairly clear reusable password-based
challenge, whereas CHAP provides additional security measures by using
challenge-handshake response. I think that encryption of the process is an
optional part of the PPP LCP process.
Mind you, I could be wrong. It has happened before.
> This isn't new, an ISP I helped found in 1995 used exclusively PAP/CHAP,
> although I got the impression it may have been the first.
With the advent of PPP over SLIP as a dialin protocol, I think a number of
networks (and for that matter ISPs) were starting to do this. The use of the
UNIX username+password emulation is really a historical hangover from the days
when the air was clean, sex was dirty, and dialins were done by hanging bunches
of modems off multi-serial port cards on a Sun box.
With the adoption of "pops in a box" like portmaster and ascend, newer protocols
such as PPP became more popular over proprietary HDLC and indeed SLIP, and
started appearing on boxes around the 93-95 period.
-- 
Jonathan Care - +44 (0) 7061 170337
Nobody does it better, makes me feel sad for the rest.
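As an added illustration of the RADIUS accounting point made above (example code, not from the thread or any product mentioned in it): a small encoder/decoder for an Accounting-Request packet as laid out in RFC 2866. The Stop record, the shared secret and every field value are constructed placeholders. It shows that the START/STOP fields mapping username, calling number and assigned IP address are plain attributes in the UDP payload, and that the shared secret only feeds an MD5 Request Authenticator, so it lets a receiver detect a forged or altered record but does not hide its contents.

```python
import hashlib
import struct
from ipaddress import IPv4Address

ACCT_REQUEST = 4                       # RADIUS code for Accounting-Request
ATTR_NAMES = {1: "User-Name", 8: "Framed-IP-Address", 31: "Calling-Station-Id",
              40: "Acct-Status-Type", 44: "Acct-Session-Id", 46: "Acct-Session-Time"}
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def build_acct_request(ident, attrs, secret):
    """Encode an Accounting-Request; the 16-byte Request Authenticator is
    MD5(header + 16 zero bytes + attributes + secret), so the secret gives
    integrity and origin checking only, never confidentiality."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def parse_acct_request(pkt, secret=None):
    """Decode the cleartext attributes; verify the authenticator if a secret is given."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCT_REQUEST or length != len(pkt) or length < 20:
        raise ValueError("not a well-formed Accounting-Request")
    auth, body, out, pos = pkt[4:20], pkt[20:], {}, 0
    while pos < len(body):
        if pos + 1 >= len(body) or body[pos + 1] < 2 or pos + body[pos + 1] > len(body):
            raise ValueError("bad attribute length")
        t, l = body[pos], body[pos + 1]
        v, pos = body[pos + 2:pos + l], pos + l
        name = ATTR_NAMES.get(t, f"Attr-{t}")
        if t == 8:
            out[name] = str(IPv4Address(v))          # readable straight off the wire
        elif t in (40, 46):
            n = struct.unpack("!I", v)[0]
            out[name] = STATUS.get(n, "?") if t == 40 else n
        else:
            out[name] = v.decode("ascii", "replace")
    if secret is not None:
        expected = hashlib.md5(pkt[:4] + bytes(16) + body + secret).digest()
        out["authenticator_ok"] = expected == auth
    return out

# Constructed sample Stop record (all values invented; the secret is a placeholder).
SECRET = b"placeholder-shared-secret"
SAMPLE = build_acct_request(7, [
    (1, b"jsmith"),
    (31, b"01632960123"),                     # calling number ID (CLI)
    (8, IPv4Address("192.0.2.45").packed),    # IP assigned to the session
    (40, struct.pack("!I", 2)),               # Acct-Status-Type = Stop
    (44, b"00004A3F"),
    (46, struct.pack("!I", 1843)),            # session duration in seconds
], SECRET)
```

Calling `parse_acct_request(SAMPLE, SECRET)` returns the mapping the message describes (user, calling number, IP, duration) together with `authenticator_ok`; flipping any byte of the attributes makes the check fail while the fields still decode.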