Dear all,

 

I know that this is FreeRadius forum, but since ICRadius forum is almost dead i thought someone can help me, here. It turns out this morning that I have over 1,800,000 records in my RadAcct table with blank username. Probably I am under attack. The record is so much different than regular user records authenticated through NAS server. In each record AcctSessionTime=1

 

 

Attack

Regular

NASIPAddress

A.B.C.D

A.B.C.D

NASPortType

Virtual

Async

AcctAuthentic

local

Radius

CalledStationId

first 10 char of A.B.C.D

Regular phone number

AcctTerminateCause

Lost-Carrier

Usually User-Request

Service-Type

NAS-Prompt-User

Framed-User

NASPortId

122, 123

*

 

 

Can anyone tell me, what is going on? How can I stop this attacker?

 

BR, Baynaa.