RADIUS Authentication

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Jun 14 23:41:38 CEST 2007


nguyenvinht wrote:
> Thanks for replying.
> I want to implement this through RADIUS Server. 
> Looking for some code modification or new attributes to accomplish the task.
> 
> Vinh.
> 
> 
> tnt wrote:
>> Allow everybody (who knows your secret) to use your radius server by
>> entering 0.0.0.0/0 as client address in clients.conf. Use firewall to
>> block access to radius ports for those specific IP addresses.

Allow everybody (who knows your secret) to use your radius server by
entering 0.0.0.0/0 as client address in clients.conf.

Enter naughty hosts in naughty huntgroup.
Check for naughty huntgroup and reject.

Huntgroups
naughty      Packet-Src-IP-Address == naughtyhostone.com
naughty      Packet-Src-IP-Address == 139.184.12.1
naughty      Packet-Src-IP-Address == 127.0.0.1

Users
DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject

Apparently the RFC states that the server must respond ... so unless you use a 
firewall, naughty hosts will know the server's alive, and be able to 
flood it with lots of requests.

Only way to get FreeRADIUS to be quiet is to modify the source.
-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
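
The following is an added example, not part of the original message or of FreeRADIUS itself: it reads huntgroups entries in the format shown above and emits iptables rules that drop traffic from those sources to the RADIUS ports, the firewall step the thread relies on to keep blocked hosts from seeing any reply. The function names, the sample text and the default ports 1812/1813 are assumptions.

```python
import ipaddress

RADIUS_PORTS = "1812,1813"  # assumption: default RADIUS auth/accounting UDP ports

# Constructed sample in the huntgroups format shown in the post.
SAMPLE_HUNTGROUPS = """\
# huntgroups
naughty      Packet-Src-IP-Address == naughtyhostone.com
naughty      Packet-Src-IP-Address == 139.184.12.1
naughty      Packet-Src-IP-Address == 127.0.0.1
staff        NAS-IP-Address == 10.0.0.5
"""

def parse_huntgroup_sources(text, group="naughty"):
    """Return (ips, hostnames) listed as Packet-Src-IP-Address for `group`."""
    ips, hostnames = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != group:
            continue
        for check in parts[1].split(","):
            fields = check.split("==", 1)
            if len(fields) != 2 or fields[0].strip() != "Packet-Src-IP-Address":
                continue
            value = fields[1].strip().strip('"')
            try:
                ips.append(str(ipaddress.ip_address(value)))
            except ValueError:
                hostnames.append(value)  # a name: resolve and review before use
    return ips, hostnames

def firewall_rules(ips):
    """Build one DROP rule per source address for the RADIUS UDP ports."""
    rules = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback:
            continue  # dropping loopback would also block local tests (radtest)
        tool = "ip6tables" if addr.version == 6 else "iptables"
        rules.append(f"{tool} -A INPUT -s {ip} -p udp -m multiport "
                     f"--dports {RADIUS_PORTS} -j DROP")
    return rules

if __name__ == "__main__":
    ips, hostnames = parse_huntgroup_sources(SAMPLE_HUNTGROUPS)
    print("\n".join(firewall_rules(ips)))
    for host in hostnames:
        print(f"# hostname entry, resolve manually: {host}")
```

Hostname entries are reported rather than turned into rules, since a rule is fixed to whatever address the name resolved to when it was loaded.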


