username is blank in RadAcct table (ICRADIUS)

Phil Mayers p.mayers at imperial.ac.uk
Tue Jan 24 12:20:31 CET 2006


> I know that this is FreeRadius forum, but since ICRadius forum is almost 
> dead i thought someone can help me, here. It turns out this morning that 
> I have over 1,800,000 records in my RadAcct table with blank username. 
> Probably I am under attack. The record is so much different than regular 
> user records authenticated through NAS server. In each record 
> AcctSessionTime=1

No HTML please, quite aside from the off-topic.

> 
> 
> NASPortType Virtual
> AcctAuthentic local
> CalledStationId first 10 char of A.B.C.D
> AcctTerminateCause Lost-Carrier
> Service-Type NAS-Prompt-User
> NASPortId 122, 123

I've seen similar requests from our Ascend Max'es. They rather bizarrely 
send radius requests with weird parameters asking for things like 
routes, banner messages and so forth.

Furthermore I found that unless you reject them outright the NAS will 
keep spamming you with them - I'm sure there's a way to turn it off, but 
I just ended up with this in my users' file:

DEFAULT Service-Type == Outbound-User, User-Password := 'ascend', 
Auth-Type := Reject
         Fall-Through = No

You also didn't say whether "A.B.C.D" was the IP of one of your NASes. 
In any case, you should use ethereal or something similar to capture the 
traffic and *LOOK* at it.

HTH



More information about the Freeradius-Users mailing list