RADIUS Authentication
nguyenvinht
nguyenvinht81 at yahoo.com
Fri Jun 15 00:47:15 CEST 2007
Thanks Arran.
How and where do I implement those codes in AIX RADIUS? Doable on AIX
RADIUS?
Vinh
Arran Cudbard-Bell wrote:
>
> nguyenvinht wrote:
>> Thanks for replying.
>> I want to implement this through RADIUS Server.
>> Looking for some code modification or new attributes to accomplish the
>> task.
>>
>> Vinh.
>>
>>
>> tnt wrote:
>>> Allow everybody (who knows your secret) to use your radius server by
>>> entering 0.0.0.0/0 as client address in clents.conf. Use firewall to
>>> block access to radius ports for those specific IP addresses.
>
> Allow everybody (who knows your secret) to use your radius server by
> entering 0.0.0.0/0 as client address in clents.conf.
>
> Enter naughty hosts in naughty huntgroup.
> Check for naughty huntgroup and reject.
>
> Huntgroups
> naughty Packet-Src-IP-Address == naughtyhostone.com
> naughty Packet-Src-IP-Address == 139.184.12.1
> naughty Packet-Src-IP-Address == 127.0.0.1
>
> Users
> DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject
>
> Apparently RFC states that server must respond ... so unless you use a
> firewall, naughty hosts will know the servers alive , and be able to
> flood it with lots of requests.
>
> Only way to get FreeRADIUS to be quiet is to modify the source.
> --
> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
--
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11130279
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list