While setting up RADIUS for the Meraki VPN device I saw this in all the authentication packets:
Frame 16307: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0
Ethernet II, Src: Dell_06:70:02 (14:18:77:06:71:a2), Dst: Vmware_87:fd:1e (00:50:56:87:3d:2e)
Internet Protocol Version 4, Src: 10.101.111.4, Dst: 10.101.1.11
User Datagram Protocol, Src Port: 55230, Dst Port: 1812
RADIUS Protocol
    Code: Access-Request (1)
    Packet identifier: 0x5a (90)
    Length: 84
    Authenticator: f7cc2cdc86bxxxx
    [The response to this request is in frame 16308]
    Attribute Value Pairs
        AVP: l=6 t=Service-Type(6): Framed(2)
        AVP: l=6 t=Framed-Protocol(7): PPP(1)
        AVP: l=11 t=User-Name(1): g.whynott
        AVP: l=18 t=User-Password(2): Encrypted
        AVP: l=11 t=Calling-Station-Id(31): CLIENTVPN
        AVP: l=6 t=NAS-IP-Address(4): 6.78.217.8 <---------------------------------------- *gasp*
            AVP Type: 4
            AVP Length: 6
            NAS-IP-Address: 6.78.217.8 <--------------------------------
        AVP: l=6 t=NAS-Port(5): 1
That isn't my IP! Let's do a whois, thinking it would come from Meraki's cloud network...
[root@irix ~]# whois !$
whois 6.78.217.8
__SNIP__
NetRange:   6.0.0.0 - 6.255.255.255
CIDR:       6.0.0.0/8
NetName:    CONUS-YPG-NET
OrgName:    Headquarters, USAISC
OrgId:      HEADQU-3
Address:    NETC-ANC
            CONUS TNOSC
City:       Fort Huachuca
StateProv:  AZ
What is Fort Huachuca? If you guessed the "United States Army Network Enterprise Tech Command Center", you would be correct!
WTF? Are they collecting account information from Meraki customers? Black ops!
I hear helicopters, brb...
greg
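
Added example, not part of the original post: a Python check that a RADIUS operator could run over captured Access-Requests to flag a NAS-IP-Address AVP that differs from the UDP source address, as in the capture above. The sample packet is constructed from the AVPs shown in the capture, with a zeroed Authenticator and User-Password as placeholders; the function names are illustrative.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # attribute type, as shown in the capture (RFC 2865)

def parse_avps(packet):
    """Return (type, value) pairs from a RADIUS packet (20-byte header, then AVPs)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not fit the captured bytes")
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad AVP length")
        avps.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return avps

def check_nas_ip(packet, udp_src):
    """Compare the NAS-IP-Address AVP with the UDP source the server saw."""
    for a_type, value in parse_avps(packet):
        if a_type == NAS_IP_ADDRESS and len(value) == 4:
            nas = ipaddress.IPv4Address(value)
            return {"nas_ip": str(nas),
                    "matches_source": nas == ipaddress.IPv4Address(udp_src),
                    "is_private": nas.is_private}
    return {"nas_ip": None, "matches_source": False, "is_private": False}

def build_sample():
    """Constructed Access-Request mirroring the AVP layout in the capture."""
    avps = b"".join(bytes([t, len(v) + 2]) + v for t, v in [
        (6, struct.pack("!I", 2)),    # Service-Type: Framed
        (7, struct.pack("!I", 1)),    # Framed-Protocol: PPP
        (1, b"g.whynott"),            # User-Name
        (2, bytes(16)),               # User-Password (zeroed placeholder)
        (31, b"CLIENTVPN"),           # Calling-Station-Id
        (4, ipaddress.IPv4Address("6.78.217.8").packed),  # NAS-IP-Address
        (5, struct.pack("!I", 1)),    # NAS-Port
    ])
    # Code 1 = Access-Request, identifier 0x5a, zeroed Authenticator placeholder
    return struct.pack("!BBH", 1, 0x5A, 20 + len(avps)) + bytes(16) + avps

if __name__ == "__main__":
    print(check_nas_ip(build_sample(), "10.101.111.4"))
```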