(RADIATOR) Tarpitting auth requests from naughty users..

Dave Kitabjian dave at netcarrier.com
Thu May 8 15:07:49 CDT 2003 

We continue to have the same problem day and night. One ISDN customer
has no idea how he's sending us the requests. Somehow it doesn't matter
that he's paying per-minute charges to have the ISDN line running around
the clock...for years...pounding us with Access-Requests.

Tarpitting is a great idea. But I'm not sure how it can work, since
NASes are designed to retry or move to a secondary server if Radiator
doesn't reply. It seems like the tarpitting would have to be enforced by
the NAS.

Ah, but then it would be really cool if it could be controlled via
Radiator. For example, an Access-Request comes in from IdiotUser so
Radiator sends by an Access-Reject along with a Reply Item:

	Tarpit-Seconds = 300

which tells the NAS to hold the line for 10 seconds before rejecting
him. Hmm, but then I guess that essentially enables IdiotUser to deny
service to other customers by hogging up more trunk time. Plus, if it's
automated, he's just going to keep on auto-dialing.

Maybe if Radiator could send an attribute all the way back to the trunk
group:

	Caller-Id-Block = <IdiotUser's CallerId>

so the call never completes, keeping the trunks free and Radiator
untouched. The only thing better than that might be if Radiator can send
an attribute all the way back to the caller's modem:

	Enable-Electric-Voltage = 750V
	Set-Electric-Duration = 5s

Dave
:)


>-----Original Message-----
>From: Robert Blayzor [mailto:noc at inoc.net] 
>Sent: Thursday, May 08, 2003 8:59 AM
>To: radiator at open.com.au
>Subject: (RADIATOR) Tarpitting auth requests from naughty users..
>
>
>We have a braindead customer somewhere that has a DSL modem or 
>PPPoE client that's making a bad auth request (failed login) 
>every 10 seconds. It's been going on for weeks.  It's bloating 
>up our failed login table and bloating up log files.  While I 
>know the obveious solution is to apply LART and disconnect the 
>user, that always isn't the best answer when management jumps 
>down your throat about it.  Long story.
>
>Anyway, can Radiator tarpit or ignore bad requests for the 
>same login attempt (username, password and client pair) for a 
>certain period of time if the same auth fails X number of 
>times within a specific period.
>
>Ie:  If a client sends the same bad auth request 10 times 
>within a two minute period, ignore the requests for 60 minutes.  
>
>Thanks in advance.
>
>--
>Robert Blayzor, BOFH
>INOC, LLC
>rblayzor at inoc.net
>
>BOFH excuse #245: The Borg tried to assimilate your system, 
>resistance is futile 
>
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list