(RADIATOR) Duplicate kinda requests
Matthew Trout
MatthewTrout at businessserve.co.uk
Wed Feb 19 05:08:49 CST 2003
If you don't want to use a 'trapped' IP, consider giving them (say)
127.3.3.3, or something else on the loopback range ... dunno if the NAS etc.
will accept it, but if they will your user will be sandboxed onto sending
pakcets loopbacj, so they won't even be sending out onto your network (note
- this is an idea, not a recommendation; YMMV)
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, February 19, 2003 6:22 AM
> To: Craig Gittens
> Cc: Radiator
> Subject: Re: (RADIATOR) Duplicate kinda requests
>
>
>
> Hello Craig -
>
> Unfortunately, just ignoring the request is only likely to
> make things
> worse, as your NAS equipment will then mark the radius server
> as "down"
> and then nothing will work (not to mention the retries that
> will happen
> as well).
>
> I like the "trapped" IP address idea better.
>
> regards
>
> Hugh
>
>
> On Wednesday, Feb 19, 2003, at 01:08 Australia/Melbourne,
> Craig Gittens
> wrote:
>
> > I understand but I still think it would make a great feature!
> >
> > Craig.
> >
> > -----Original Message-----
> > From: jlewis at lewis.org [mailto:jlewis at lewis.org]
> > Sent: Monday, February 17, 2003 6:37 PM
> > To: Hugh Irvine
> > Cc: Craig Gittens; Radiator
> > Subject: Re: (RADIATOR) Duplicate kinda requests
> >
> >
> > Why not let them authenticate, but give them an IP that
> won't get them
> > anywhere but to one web page that says they've been disabled for
> > billing
> > reasons.
> >
> > On Tue, 18 Feb 2003, Hugh Irvine wrote:
> >
> >>
> >> Hello Craig -
> >>
> >> I understand the problem - unfortunately there is nothing
> Radiator can
> >> do to rate-limit a mis-behaving client device.
> >>
> >> Perhaps you could put a filter on one of your routers to drop the
> >> "bad"
> >> requests?
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Tuesday, Feb 18, 2003, at 01:02 Australia/Melbourne,
> Craig Gittens
> >> wrote:
> >>
> >>> I know Radiator isn't the problem. I just want a way to
> rate-limit
> >>> the
> >>> amount of failed authentication attempts.
> >>>
> >>> e.g. If the user/pass fails twice in three seconds =
> ignore the user
> >>> request
> >>> for another x seconds.
> >>>
> >>> Is this possible? If not would it be a good idea for a
> feature? You
> >>> should
> >>> see my console it just scrolls by on trace 3 with one username
> >>> failing
> >>> 2-3
> >>> times a second.
> >>>
> >>> Craig.
> >>>
> >>> -----Original Message-----
> >>> From: owner-radiator at open.com.au
> >>> [mailto:owner-radiator at open.com.au]On
> >>> Behalf Of Hugh Irvine
> >>> Sent: Sunday, February 16, 2003 5:33 PM
> >>> To: Craig Gittens
> >>> Cc: Radiator
> >>> Subject: Re: (RADIATOR) Duplicate kinda requests
> >>>
> >>>
> >>>
> >>> Hello Craig -
> >>>
> >>> The problem here is that Radiator is not the source of
> the problem.
> >>>
> >>> The correct answer would be to remove power from the ADSL modem.
> >>>
> >>> What do you want Radiator to do?
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>>
> >>> On Monday, Feb 17, 2003, at 05:07 Australia/Melbourne,
> Craig Gittens
> >>> wrote:
> >>>
> >>>> I have a problem with ADSL users we authenticate here.
> They pound
> >>>> the
> >>>> server
> >>>> right now with 2-3 requests every second if their account has
> >>>> expired.
> >>>>
> >>>> How would you handle this? They are not duplicate requests.
> >>>>
> >>>> TIA,
> >>>>
> >>>> Craig.
> >>>>
> >>>> ===
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>>
> >>>>
> >>>
> >>> --
> >>> Radiator: the most portable, flexible and configurable
> RADIUS server
> >>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000,
> NT, MacOS X.
> >>> -
> >>> Nets: internetwork inventory and management - graphical,
> extensible,
> >>> flexible with hardware, software, platform and database
> independence.
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable
> RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical,
> extensible,
> >> flexible with hardware, software, platform and database
> independence.
> >>
> >> ===
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >>
> >
> >
> ----------------------------------------------------------------------
> > Jon Lewis *jlewis at lewis.org*| I route
> > System Administrator | therefore you are
> > Atlantic Net |
> > _________ http://www.lewis.org/~jlewis/pgp for PGP public
> key_________
> >
> >
> >
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030219/cac26e7b/attachment.html>
More information about the radiator
mailing list