Dear all,
I know that this is FreeRadius forum, but since ICRadius
forum is almost dead i thought someone can help me, here. It turns out this
morning that I have over 1,800,000 records in my RadAcct table with blank
username. Probably I am under attack. The record is so much different than
regular user records authenticated through NAS server. In each record
AcctSessionTime=1
|
|
Attack |
Regular |
|
NASIPAddress |
A.B.C.D |
A.B.C.D |
|
NASPortType |
Virtual |
Async |
|
AcctAuthentic |
local |
Radius |
|
CalledStationId |
first 10 char of A.B.C.D |
Regular phone number |
|
AcctTerminateCause |
Lost-Carrier |
Usually User-Request |
|
Service-Type |
NAS-Prompt-User |
Framed-User |
|
NASPortId |
122, 123 |
* |
Can anyone tell me, what is going on? How can I stop this
attacker?
BR, Baynaa.