ðòïåëôù 

  áòèé÷ 

Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 

  ðåòóïîáìøîïå 

  ðòïçòáííù 

ðéûéôå
ðéóøíá












     áòèé÷ :: Inet-Admins
Inet-Admins mailing list archive (inet-admins@info.east.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco vs Ascend Max (CHAP/PAP battle ;)

Hello!

 Some fresh news from battlefield... ;))

One part of problem were successfully solved. It was really LCP problem,
due to the fact that on Max LCM (LQM?) was enabled and it was not understood
by Cisco. When this option was disabled on Max LCP negotiation became
successful.

Question no.1:
 What the hell is this LCM (LQM?)?? People on Ascend side claimed that it
is standard PPP feature. How it can be enabled on Cisco and could that be
enabled at all?

Now, we are moved forward and stopped again. :(
Ascend clearly refuses to authenticate us. All names and passwords were double-
and triple-checked without any success. Usernames are OK, they are seen in
dump, so we caould check them...

Question no.2:
Could it be some feature in Ascend, which changes authentication options?
Maybe something like LCM (see above)? ;)
Authentication through ordinary login is successful, so Ascend works and
authenticates well... But... It receives plaintext password during login,
and in PAP/CHAP it receives encrypted password. So...

Question no.3:
As far as I could understand CHAP logic (I am not guru, so can say saomething 
dumb now), it gives some ID, and encrypted version of something. Response to
that request demands encryption of something with password on responder's side.
But... All passwords, which I put in Cisco config, become encrypted with some
"7th degree" aglorithm, which, AFAIR, has _no_ reverse. That is, it is usable
for password checking, but it is unusable for encrypting of anything. Am I
wrong? I have found nothing which could help me to place unencrypted password
in Cisco config, so I suspect, that when encrypting this "something" Cisco
cannot use proper password. Seems that I am definitely wrong in this, but
it would be great, if someone, who knows better, explain that in detail.

Question no.5:
I have got replies from people, successfully using Cisco->Ascend line (thanks
them a lot), but have had no reply from people, who are on the Ascend side
of such lines... From Cisco side our configs look identical, so I suspect,
that some peculiarities are present on Ascend side and asks those, who can
say something about Ascend to find the time and reply me.

Finally, Cisco dumps of unsuccessful authentications, maybe someone will
point to me to something significant in them. I have seen nothing. :(

May 12 20:44:08 border 3301: %LINK-3-UPDOWN: Interface BRI1/0: B-Channel 1, changed state to up
May 12 20:44:09 border 3302: PPP BRI1/0: B-Channel 1: No remote authentication for call-out
May 12 20:44:09 border 3303: ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x61A09F23
May 12 20:44:09 border 3304: PPP BRI1/0: B-Channel 1: O LCP CONFREQ(1) id 96 len 10
May 12 20:44:09 border 3305:    MAGICNUMBER (6) 0x61 0xA0 0x9F 0x23
May 12 20:44:11 border 3306: PPP BRI1/0: B-Channel 1: TIMEout: Time= 0x11D6DB4 State= REQsent
May 12 20:44:11 border 3307: ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x61A09F23
May 12 20:44:11 border 3308: PPP BRI1/0: B-Channel 1: O LCP CONFREQ(1) id 97 len 10
May 12 20:44:11 border 3309:    MAGICNUMBER (6) 0x61 0xA0 0x9F 0x23
May 12 20:44:11 border 3310: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 34
May 12 20:44:11 border 3311: PPP BRI1/0: B-Channel 1: I LCP CONFREQ(1) id 1 len 30
May 12 20:44:11 border 3312:    ?? (4) 0x0 0x0
May 12 20:44:11 border 3313:    MRU (4) 0x5 0xF4
May 12 20:44:11 border 3314:    AUTHTYPE (5) 0xC2 0x23 0x5
May 12 20:44:11 border 3315:    MULTILINK_MRRU (4) 0x5 0xF4
May 12 20:44:11 border 3316:    ENDPOINT_DISC (9) 0x3 0x0 0xC0 0x7B 0x5C 0x2 0x5E
May 12 20:44:11 border 3317: PPP BRI1/0: B-Channel 1: input(0xC021) state = REQsent code = CONFREQ(1) id = 1 len = 30
May 12 20:44:11 border 3318: PPP BRI1/0: B-Channel 1: received config for type = 0 (??)
May 12 20:44:11 border 3319: PPP BRI1/0: B-Channel 1: rcvd unknown option 0 rejected
May 12 20:44:11 border 3320: PPP BRI1/0: B-Channel 1: received config for type = 1 (MRU) value = 1524 acked
May 12 20:44:11 border 3321: PPP BRI1/0: B-Channel 1: received config for type = 3 (AUTHTYPE) value = 0xC223 digest = 5 acked
May 12 20:44:11 border 3322: PPP BRI1/0: B-Channel 1: received config for type = 17 (MULTILINK_MRRU) rejected
May 12 20:44:11 border 3323: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 14
May 12 20:44:11 border 3324: PPP BRI1/0: B-Channel 1: received config for type = 19 (ENDPOINT_DISC) rejected
May 12 20:44:11 border 3325: PPP BRI1/0: B-Channel 1: O LCP CONFREJ(4) id 1 len 21
May 12 20:44:11 border 3326:    ?? (4) 0x0 0x0
May 12 20:44:11 border 3327:    MULTILINK_MRRU (4) 0x5 0xF4
May 12 20:44:11 border 3328:    ENDPOINT_DISC (9) 0x3 0x0 0xC0 0x7B 0x5C 0x2 0x5E
May 12 20:44:11 border 3329: PPP BRI1/0: B-Channel 1: I LCP CONFACK(2) id 97 len 10
May 12 20:44:11 border 3330:    MAGICNUMBER (6) 0x61 0xA0 0x9F 0x23
May 12 20:44:11 border 3331: PPP BRI1/0: B-Channel 1: input(0xC021) state = REQsent code = CONFACK(2) id = 97 len = 10
May 12 20:44:11 border 3332: PPP BRI1/0: B-Channel 1: state = REQsent fsm_rconfack(0xC021): rcvd id 97
May 12 20:44:11 border 3333: ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x61A09F23
May 12 20:44:11 border 3334: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 17
May 12 20:44:11 border 3335: PPP BRI1/0: B-Channel 1: I LCP CONFREQ(1) id 2 len 13
May 12 20:44:11 border 3336:    MRU (4) 0x5 0xF4
May 12 20:44:11 border 3337:    AUTHTYPE (5) 0xC2 0x23 0x5
May 12 20:44:11 border 3338: PPP BRI1/0: B-Channel 1: input(0xC021) state = ACKrcvd code = CONFREQ(1) id = 2 len = 13
May 12 20:44:11 border 3339: PPP BRI1/0: B-Channel 1: received config for type = 1 (MRU) value = 1524 acked
May 12 20:44:11 border 3340: PPP BRI1/0: B-Channel 1: received config for type = 3 (AUTHTYPE)
May 12 20:44:11 border 3341:  value = 0xC223 digest = 5 acked
May 12 20:44:11 border 3342: PPP BRI1/0: B-Channel 1: O LCP CONFACK(2) id 2 len 13
May 12 20:44:11 border 3343:    MRU (4) 0x5 0xF4
May 12 20:44:11 border 3344:    AUTHTYPE (5) 0xC2 0x23 0x5
May 12 20:44:11 border 3345: PPP BRI1/0: B-Channel 1(i): pkt type 0xC223, datagramsize 32
May 12 20:44:11 border 3346: PPP BRI1/0: B-Channel 1: I CHAP CHALLENGE(1) id 1 len 28
May 12 20:44:11 border 3347: PPP BRI1/0: B-Channel 1: CHAP challenge from max4000
May 12 20:44:11 border 3348: PPP BRI1/0: B-Channel 1: O CHAP RESPONSE(2) id 1 len 28
May 12 20:44:11 border 3349: PPP BRI1/0: B-Channel 1(i): pkt type 0xC223, datagramsize 9
May 12 20:44:11 border 3350: PPP BRI1/0: B-Channel 1: I CHAP FAILURE(4) id 1 len 5
May 12 20:44:11 border 3351: PPP BRI1/0: B-Channel 1: Failed CHAP authentication with remote.
May 12 20:44:11 border 3352: Remote message is: 
May 12 20:44:11 border 3353: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 8
May 12 20:44:11 border 3354: PPP BRI1/0: B-Channel 1: I LCP TERMREQ(5) id 1 len 4
May 12 20:44:12 border 3355: PPP BRI1/0: B-Channel 1: input(0xC021) state = Open code = TERMREQ(5) id = 1 len = 4
May 12 20:44:12 border 3356: PPP BRI1/0: B-Channel 1: O LCP TERMACK(6) id 1 len 4
May 12 20:44:13 border 3357: %ISDN-6-CONNECT: Interface BRI1/0: B-Channel 1 is now connected to 92329696 
May 12 20:44:14 border 3358: PPP BRI1/0: B-Channel 1: TIMEout: Time= 0x11D7978 State= TERMsent
May 12 20:44:14 border 3359: PPP BRI1/0: B-Channel 1: No remote authentication for call-out
May 12 20:44:14 border 3360: %ISDN-6-DISCONNECT: Interface BRI1/0: B-Channel 1  disconnected from 92329696 , call lasted 5 seconds
May 12 20:44:15 border 3361: %LINK-3-UPDOWN: Interface BRI1/0: B-Channel 1, changed state to down
May 12 20:54:52 border 3362: %LINK-3-UPDOWN: Interface BRI1/0: B-Channel 1, changed state to up
May 12 20:54:53 border 3363: PPP BRI1/0: B-Channel 1: No remote authentication for call-out
May 12 20:54:53 border 3364: ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x61AA709D
May 12 20:54:53 border 3365: PPP BRI1/0: B-Channel 1: O LCP CONFREQ(1) id 98 len 10
May 12 20:54:53 border 3366:    MAGICNUMBER (6) 0x61 0xAA 0x70 0x9D
May 12 20:54:54 border 3367: PPP BRI1/0: B-Channel 1: TIMEout: Time= 0x1273F2C State= REQsent
May 12 20:54:54 border 3368: ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 0x61AA709D
May 12 20:54:54 border 3369: PPP BRI1/0: B-Channel 1: O LCP CONFREQ(1) id 99 len 10
May 12 20:54:54 border 3370:    MAGICNUMBER (6) 0x61 0xAA 0x70 0x9D
May 12 20:54:54 border 3371: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 33
May 12 20:54:54 border 3372: PPP BRI1/0: B-Channel 1: I LCP CONFREQ(1) id 1 len 29
May 12 20:54:54 border 3373:    ?? (4) 0x0 0x0
May 12 20:54:54 border 3374:    MRU (4) 0x5 0xF4
May 12 20:54:54 border 3375:    AUTHTYPE (4) 0xC0 0x23
May 12 20:54:54 border 3376:    MULTILINK_MRRU (4) 0x5 0xF4
May 12 20:54:54 border 3377:    ENDPOINT_DISC (9) 0x3 0x0 0xC0 0x7B 0x5C 0x2 0x5E
May 12 20:54:54 border 3378: PPP BRI1/0: B-Channel 1: input(0xC021) state = REQsent code = CONFREQ(1) id = 1 len = 29
May 12 20:54:54 border 3379: PPP BRI1/0: B-Channel 1: received config for type = 0 (??)
May 12 20:54:54 border 3380: PPP BRI1/0: B-Channel 1: rcvd unknown option 0 rejected
May 12 20:54:54 border 3381: PPP BRI1/0: B-Channel 1: received config for type = 1 (MRU) value = 1524 acked
May 12 20:54:54 border 3382: PPP BRI1/0: B-Channel 1: received config for type = 3 (AUTHTYPE) value = 0xC023 acked
May 12 20:54:54 border 3383: PPP BRI1/0: B-Channel 1: received config for type = 17 (MULTILINK_MRRU) rejected
May 12 20:54:54 border 3384: PPP BRI1/0: B-Channel 1: received config for type = 19 (ENDPOINT_DISC)
May 12 20:54:54 border 3385: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 14 rejected
May 12 20:54:54 border 3386: PPP BRI1/0: B-Channel 1: O LCP CONFREJ(4) id 1 len 21
May 12 20:54:54 border 3387:    ?? (4) 0x0 0x0
May 12 20:54:54 border 3388:    MULTILINK_MRRU (4) 0x5 0xF4
May 12 20:54:54 border 3389:    ENDPOINT_DISC (9) 0x3 0x0 0xC0 0x7B 0x5C 0x2 0x5E
May 12 20:54:54 border 3390: PPP BRI1/0: B-Channel 1: I LCP CONFACK(2) id 99 len 10
May 12 20:54:54 border 3391:    MAGICNUMBER (6) 0x61 0xAA 0x70 0x9D
May 12 20:54:54 border 3392: PPP BRI1/0: B-Channel 1: input(0xC021) state = REQsent code = CONFACK(2) id = 99 len = 10
May 12 20:54:54 border 3393: PPP BRI1/0: B-Channel 1: state = REQsent fsm_rconfack(0xC021): rcvd id 99
May 12 20:54:54 border 3394: ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 0x61AA709D
May 12 20:54:54 border 3395: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 16
May 12 20:54:54 border 3396: PPP BRI1/0: B-Channel 1: I LCP CONFREQ(1) id 2 len 12
May 12 20:54:54 border 3397:    MRU (4) 0x5 0xF4
May 12 20:54:54 border 3398:    AUTHTYPE (4) 0xC0 0x23
May 12 20:54:54 border 3399: PPP BRI1/0: B-Channel 1: input(0xC021) state = ACKrcvd code = CONFREQ(1) id = 2 len = 12
May 12 20:54:54 border 3400: PPP BRI1/0: B-Channel 1: received config for type = 1 (MRU) value = 1524 acked
May 12 20:54:54 border 3401: PPP BRI1/0: B-Channel 1: received config for type = 3 (AUTHTYPE)
May 12 20:54:55 border 3402:  value = 0xC023 acked
May 12 20:54:55 border 3403: PPP BRI1/0: B-Channel 1: O LCP CONFACK(2) id 2 len 12
May 12 20:54:55 border 3404:    MRU (4) 0x5 0xF4
May 12 20:54:55 border 3405:    AUTHTYPE (4) 0xC0 0x23
May 12 20:54:55 border 3406: PPP BRI1/0: B-Channel 1: O PAP AUTH-REQ(1) id 1 len 16
May 12 20:54:55 border 3407: PPP BRI1/0: B-Channel 1(i): pkt type 0xC023, datagramsize 9
May 12 20:54:55 border 3408: PPP BRI1/0: B-Channel 1: I PAP AUTH-NAK(3) id 1 len 5
May 12 20:54:55 border 3409: PPP BRI1/0: B-Channel 1: Failed PAP authentication with remote.
May 12 20:54:55 border 3410: PPP BRI1/0: B-Channel 1(i): pkt type 0xC021, datagramsize 8
May 12 20:54:55 border 3411: PPP BRI1/0: B-Channel 1: I LCP TERMREQ(5) id 1 len 4
May 12 20:54:55 border 3412: PPP BRI1/0: B-Channel 1: input(0xC021) state = Open code = TERMREQ(5) id = 1 len = 4
May 12 20:54:55 border 3413: PPP BRI1/0: B-Channel 1: O LCP TERMACK(6) id 1 len 4
May 12 20:54:56 border 3414: %ISDN-6-CONNECT: Interface BRI1/0: B-Channel 1 is now connected to 92329696 
May 12 20:54:57 border 3415: PPP BRI1/0: B-Channel 1: TIMEout: Time= 0x1274964 State= TERMsent
May 12 20:54:57 border 3416: PPP BRI1/0: B-Channel 1: No remote authentication for call-out
May 12 20:54:57 border 3417: %ISDN-6-DISCONNECT: Interface BRI1/0: B-Channel 1  disconnected from 92329696 , call lasted 5 seconds
May 12 20:54:58 border 3418: %LINK-3-UPDOWN: Interface BRI1/0: B-Channel 1, changed state to down



-- 
--------------------------------------
Basil (Vasily)  Dolmatov   dol@east.ru        +7-095-956-4951
[BVD12] [VVD1-RIPE]

East Connection ISP, Moscow, Russia.

=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@east.ru if you want to quit.

 



Copyright © Lexa Software, 1996-2009.