[bcrl]

Realistically, it doesn't matter. My ISP uses RADIUS for authenticating customers in the access network. If someone manages to intercept messages in the middle of my network, I've got bigger problems. Even if someone does inject in the middle, the worst case is that they can forge packets of residential end users. Those customers are already untrusted, so it really does not matter.

[bjterry]

> Those customers are already untrusted, so it really does not matter.

Perhaps it doesn't matter to the health of your network, but if it leads to a customer's account being disabled due to incorrectly assigned abuse, surely it would matter to them.

[bcrl]

How in tarnation would they do that? To inject traffic into the network, the attacker would have to compromise the access network. The RADIUS attack is not going to accomplish that.

[bjterry]

I mean, I know nothing about your network. If your network access servers are within a datacenter under your exclusive physical control, perhaps it's not an issue since it requires a man-in-the-middle position. Something like a neighborhood cabinet DSLAM could be open to abuse?