Thanks Arran, Is packet-src-ip-address is a defined attribute in the huntgroups? Do you know where I can find more documentation about configurating huntgroups? Any thoughts about how freeRADIUS can stop the naughty hosts? Thanks in advance for your answers. Vinh Arran Cudbard-Bell wrote:
nguyenvinht wrote:
Thanks for replying. I want to implement this through RADIUS Server. Looking for some code modification or new attributes to accomplish the task.
Vinh.
tnt wrote:
Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clents.conf. Use firewall to block access to radius ports for those specific IP addresses.
Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clents.conf.
Enter naughty hosts in naughty huntgroup. Check for naughty huntgroup and reject.
Huntgroups naughty Packet-Src-IP-Address == naughtyhostone.com naughty Packet-Src-IP-Address == 139.184.12.1 naughty Packet-Src-IP-Address == 127.0.0.1
Users DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject
Apparently RFC states that server must respond ... so unless you use a firewall, naughty hosts will know the servers alive , and be able to flood it with lots of requests.
Only way to get FreeRADIUS to be quiet is to modify the source. -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11257669 Sent from the FreeRadius - User mailing list archive at Nabble.com.