fail2ban or similar concept

Brantley Padgett brantleyp1 at yahoo.com
Fri Sep 2 03:39:53 UTC 2022


Figured out how to turn off digest! whoohoo!!

> No, because you don't expose your RADIUS server to the world.

That is outside my control. We have clients all over the country, most with no means to tunnel private IP space between, so the decision was made. Had I been there when that decision was made I would've raised a hand, or a couple of middle fingers.

> that's exactly what fail2ban is for

Understood, that's kinda what I suspected but just wanted to double check.

Thank you & Alan for the pointers. 

Brantley Padgett 

The question is not how far. The question is, 
do you possess the constitution, 
the depth of faith, to go as far as is needed? 
            -Boondock Saints

On Thursday, September 1, 2022, 10:31:42 PM CDT, Matthew Newton <mcn at freeradius.org> wrote:

On 02/09/2022 04:20, Brantley Padgett via Freeradius-Users wrote:
> I guess what I mean is for example, just combing through the logs of the soon to be retired server and I see one IP in particular that has made failed auth requests 1.9mil times since Jun 2022. That IP is not one of ours and it just seems to me reckless to allow that to happen unchecked.

Which is why you run RADIUS servers on internal back-end networks that 
are not publicly available.

Don't permit IPs that are not yours from having access to the RADIUS 
server in the first place.


> I wanted to check if freeradius had some form of limiting/banning built in that I just didn't understand before trying to make something like fail2ban work.


No, because you don't expose your RADIUS server to the world.

But if you have logs that identify IPs you want to block, that's exactly what 
fail2ban is for - get it to add a firewall rule like you would do for 
any other service. As Alan said, FreeRADIUS already ignores any unknown 
clients anyway, so you'd just firewall out the noise.

-- 
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
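
As an illustration of the log-driven blocking discussed in this thread, the sketch below applies a fail2ban-style threshold (a hit count inside a time window) to requests from unknown clients. It is an added example, not code from the thread or from the FreeRADIUS or fail2ban projects; the log line shape, the sample lines, and the names `ips_to_ban`, `maxretry` and `findtime` are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed radius.log shape for a request from an IP that has no client entry.
UNKNOWN_CLIENT = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : Error: Ignoring request to "
    r".+ from unknown client (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def ips_to_ban(lines, maxretry=3, findtime=600):
    """Map each IP to the time it reached maxretry hits within findtime seconds.

    Lines are expected in chronological order, as they appear in the log.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = UNKNOWN_CLIENT.match(line)
        if not m or m["ip"] in banned:
            continue              # other log lines, or an IP already flagged
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop hits that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = ts  # this is where a firewall rule would be added
    return banned

# Constructed sample lines (documentation IP ranges), not taken from a real server.
PREFIX = "Error: Ignoring request to auth address * port 1812 bound to server default"
SAMPLE_LOG = [
    f"Thu Sep  1 22:00:01 2022 : {PREFIX} from unknown client 203.0.113.7 port 40112 proto udp",
    f"Thu Sep  1 22:00:05 2022 : {PREFIX} from unknown client 198.51.100.20 port 5000 proto udp",
    "Thu Sep  1 22:00:09 2022 : Auth: (41) Login incorrect: [alice] (from client branch-nas port 0)",
    f"Thu Sep  1 22:02:30 2022 : {PREFIX} from unknown client 203.0.113.7 port 40113 proto udp",
    f"Thu Sep  1 22:04:45 2022 : {PREFIX} from unknown client 203.0.113.7 port 40114 proto udp",
    f"Thu Sep  1 22:20:05 2022 : {PREFIX} from unknown client 198.51.100.20 port 5001 proto udp",
    f"Thu Sep  1 22:40:05 2022 : {PREFIX} from unknown client 198.51.100.20 port 5002 proto udp",
]

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

The slow sender at 198.51.100.20 never reaches three hits inside ten minutes, which shows why the window and threshold need tuning against the traffic actually seen in the log.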


