RADIUS Authentication

[nguyenvinht]

Thanks Arran,

Is packet-src-ip-address is a defined attribute in the huntgroups?
Do you know where I can find more documentation about configurating
huntgroups?
Any thoughts about how freeRADIUS can stop the naughty hosts?

Thanks in advance for your answers.
Vinh

Arran Cudbard-Bell wrote:
> 
> nguyenvinht wrote:
>> Thanks for replying.
>> I want to implement this through RADIUS Server. 
>> Looking for some code modification or new attributes to accomplish the
>> task.
>> 
>> Vinh.
>> 
>> 
>> tnt wrote:
>>> Allow everybody (who knows your secret) to use your radius server by
>>> entering 0.0.0.0/0 as client address in clents.conf. Use firewall to
>>> block access to radius ports for those specific IP addresses.
> 
> Allow everybody (who knows your secret) to use your radius server by
> entering 0.0.0.0/0 as client address in clents.conf.
> 
> Enter naughty hosts in naughty huntgroup.
> Check for naughty huntgroup and reject.
> 
> Huntgroups
> naughty      Packet-Src-IP-Address == naughtyhostone.com
> naughty      Packet-Src-IP-Address == 139.184.12.1
> naughty      Packet-Src-IP-Address == 127.0.0.1
> 
> Users
> DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject
> 
> Apparently RFC states that server must respond ... so unless you use a 
> firewall, naughty hosts will know the servers alive , and be able to 
> flood it with lots of requests.
> 
> Only way to get FreeRADIUS to be quiet is to modify the source.
> -- 
> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11257669
Sent from the FreeRadius - User mailing list archive at Nabble.com.