(RADIATOR) Tarpitting auth requests from naughty users..
Hugh Irvine
hugh at open.com.au
Thu May 8 15:32:35 CDT 2003
Hello Robert, Hello Dave -
As Dave says, there is sadly nothing that Radiator can do, as it is the
NAS that is sending the requests in response to actions by the end
user's device. If Radiator just ignores the request, the device will
retry anyway, and if Radiator rejects the request the same thing will
also occur.
regards
Hugh
On Friday, May 9, 2003, at 06:07 Australia/Melbourne, Dave Kitabjian
wrote:
> We continue to have the same problem day and night. One ISDN customer
> has no idea how he's sending us the requests. Somehow it doesn't matter
> that he's paying per-minute charges to have the ISDN line running around
> the clock...for years...pounding us with Access-Requests.
>
> Tarpitting is a great idea. But I'm not sure how it can work, since
> NASes are designed to retry or move to a secondary server if Radiator
> doesn't reply. It seems like the tarpitting would have to be enforced by
> the NAS.
>
> Ah, but then it would be really cool if it could be controlled via
> Radiator. For example, an Access-Request comes in from IdiotUser so
> Radiator sends back an Access-Reject along with a Reply Item:
>
> Tarpit-Seconds = 300
>
> which tells the NAS to hold the line for 10 seconds before rejecting
> him. Hmm, but then I guess that essentially enables IdiotUser to deny
> service to other customers by hogging up more trunk time. Plus, if it's
> automated, he's just going to keep on auto-dialing.
>
> Maybe if Radiator could send an attribute all the way back to the trunk
> group:
>
> Caller-Id-Block = <IdiotUser's CallerId>
>
> so the call never completes, keeping the trunks free and Radiator
> untouched. The only thing better than that might be if Radiator can send
> an attribute all the way back to the caller's modem:
>
> Enable-Electric-Voltage = 750V
> Set-Electric-Duration = 5s
>
> Dave
> :)
>
>
>> -----Original Message-----
>> From: Robert Blayzor [mailto:noc at inoc.net]
>> Sent: Thursday, May 08, 2003 8:59 AM
>> To: radiator at open.com.au
>> Subject: (RADIATOR) Tarpitting auth requests from naughty users..
>>
>>
>> We have a braindead customer somewhere that has a DSL modem or
>> PPPoE client that's making a bad auth request (failed login)
>> every 10 seconds. It's been going on for weeks. It's bloating
>> up our failed login table and bloating up log files. While I
>> know the obvious solution is to apply LART and disconnect the
>> user, that isn't always the best answer when management jumps
>> down your throat about it. Long story.
>>
>> Anyway, can Radiator tarpit or ignore bad requests for the
>> same login attempt (username, password and client pair) for a
>> certain period of time if the same auth fails X number of
>> times within a specific period?
>>
>> Ie: If a client sends the same bad auth request 10 times
>> within a two minute period, ignore the requests for 60 minutes.
>>
>> Thanks in advance.
>>
>> --
>> Robert Blayzor, BOFH
>> INOC, LLC
>> rblayzor at inoc.net
>>
>> BOFH excuse #245: The Borg tried to assimilate your system,
>> resistance is futile
>>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
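
The rule Robert asks about (10 identical failures within two minutes, then ignore for 60 minutes), sketched as an added example that is not from any poster in this thread and is not Radiator code. The class, function and sample names are hypothetical, and as Hugh's reply notes the NAS keeps retrying, so this only bounds what the server logs and stores.

```python
import hashlib, hmac, os
from collections import defaultdict, deque

_KEY = os.urandom(32)  # per-process key so plaintext passwords are never stored

class FailedAuthDamper:
    """Rule from the thread: N identical failures inside `window` seconds
    cause that (username, password, client) triple to be ignored for `ignore_for`."""

    def __init__(self, limit=10, window=120, ignore_for=3600):
        self.limit, self.window, self.ignore_for = limit, window, ignore_for
        self.recent = defaultdict(deque)  # triple -> timestamps of recent failures
        self.ignored_until = {}           # triple -> time the ignore period ends

    def should_record(self, ts, username, password, client):
        """True if this failed request should still be logged and stored."""
        digest = hmac.new(_KEY, password.encode(), hashlib.sha256).digest()
        triple = (username, digest, client)
        until = self.ignored_until.get(triple)
        if until is not None:
            if ts < until:
                return False              # inside the ignore period
            del self.ignored_until[triple]
        q = self.recent[triple]
        q.append(ts)
        while q[0] <= ts - self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.limit:          # threshold hit: start ignoring
            self.ignored_until[triple] = ts + self.ignore_for
            del self.recent[triple]
        return True

def replay(events, damper=None):
    """Count how many (ts, username, password, client) failures get recorded."""
    damper = damper or FailedAuthDamper()
    return sum(damper.should_record(*e) for e in events)

# Constructed sample: one client failing every 10 seconds for two hours.
SAMPLE = [(t, "stuckuser", "wrongpass", "nas1.example.net") for t in range(0, 7200, 10)]

if __name__ == "__main__":
    print(f"{replay(SAMPLE)} of {len(SAMPLE)} failures recorded")
```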