Re: (ASCEND) TNT : weakness in authentication process

[Tim Basher <basher@alpha.CES.CWRU.Edu>]

> > > [ A report that with 1.3Ap6 on a TNT, the TNT does not force the remote
> > >   system to accept an IP address. ]
> >
> > [ A pointer to the relevant section of the TNT documentation. ]
>
> [ An excerpt of the TNT configuration showing that the documented settings
>   were correct. ]
> 
> Regarding what you have indicated below, the TNT should not accept a P50
> to connect with an IP address which is not the one in the Radius profile,
> correct ?

Well, that was certainly what I thought.  While there is no formal requirement
in the PPP standard that the host must drop the connection -- the hosts can
agree to disagree about the address (this means that the connection may not
work) -- it was my understanding that the Ascend equipment *is* supposed to
drop the connection.

I would recommend you test this with known addresses and check the
"netstat -nr" information to see if the TNT is actually accepting the
connection but not the addresses OR if it is accepting both the connection
and the addresses requested by the remote host.

In either case, it sounds like you need to get in touch with Ascend customer
service - at a minimum the documentation needs to be updated (maybe there is
something else that needs to be set OR maybe the expected behavior has been
changed), but this may be a software defect that needs to be corrected.

Good luck.
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

References:

• Re: (ASCEND) TNT : weakness in authentication process
• From: Paul Rolland <rol@oleane.net>

---

• Prev by Date: (ASCEND) DHCP and P50
• Next by Date: (ASCEND) Re: Stopping ether-display, remoting from TNT
• Prev by thread: Re: (ASCEND) TNT : weakness in authentication process
• Next by thread: (ASCEND) PSION Gold Card and 56K
• Index(es):
  • Main
  • Thread