(RADIATOR) Tarpitting aggressive users
Robert Blayzor
noc at inoc.net
Tue Sep 28 10:37:36 CDT 2004
I know we brought this up in the past, but I'm not really sure we ever
discussed an "end all" solution for this problem.

The problem we see from time to time is a "run away" PPPoE client just
loses its mind and constantly auths, disconnects, auths, disconnects,
... every second or two.

I just found a user or two that have been doing this for weeks and it's
polluting our RADIUS accounting SQL logs with MILLIONS of rows just from
this one user.

I'm wondering if Radiator can be modified or configured to tarpit these
types of run away clients. I'm looking for something I can set a
threshold within a certain period of time and then set a "lock out
period". i.e.:

If a user logs in more than 100 times within an hour, fail auth for two
hours. Ideally it would be nice to log (only once) that the user has
been tarpitted and then log send anything to the auth log until the
period expires.

I know this is probably not that easy to do and I'm not looking for
something that will create more SQL transactions. I'm willing to
consume more RAM (which is available) over doing a SQL table to keep
track of this.

Are there any good examples to maybe write a PreHandler hook that can
use a persistent hash of arrays where I could store the user at realm in
the hash with the number of logins, etc. I'd need to have this hash
survive each time the sub is exited. Something tells me this would
require a Radiator modification. Am I wrong?

TIA
-Robert
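
The threshold-and-lockout bookkeeping described in the message above, as an added example that is not part of the original post and is not Radiator code: plain Perl with no Radiator API calls, showing a hash of arrays that survives between calls because the subs close over a file-scoped lexical. The names `check_login`, `purge_idle`, `%seen` and the sample user are hypothetical, and how a verdict becomes a reject inside a hook is not shown.

```perl
use strict;
use warnings;

# Policy from the post: more than 100 logins in an hour => fail auth for two hours.
my $MAX_LOGINS   = 100;
my $WINDOW_SECS  = 3600;
my $LOCKOUT_SECS = 7200;

# File-scoped lexical: the subs below close over it, so it keeps its contents
# between calls for the life of the process. RAM only, no SQL.
my %seen;    # "user@realm" => { times => [epoch, ...], locked_until => epoch }

# Hypothetical helper. Returns 'accept', 'tarpit_start' (the one event to log)
# or 'tarpit' (reject without logging).
sub check_login {
    my ($user, $now) = @_;
    my $e = $seen{$user} ||= { times => [], locked_until => 0 };
    return 'tarpit' if $now < $e->{locked_until};
    my $t = $e->{times};
    shift @$t while @$t && $t->[0] <= $now - $WINDOW_SECS;   # expire old attempts
    push @$t, $now;
    return 'accept' if @$t <= $MAX_LOGINS;
    $e->{locked_until} = $now + $LOCKOUT_SECS;   # threshold crossed: start lockout
    @$t = ();                                    # never more than 101 timestamps per user
    return 'tarpit_start';
}

# Hypothetical helper: drop users with no active lockout and no recent attempts,
# so the hash stays bounded by the number of recently active users.
sub purge_idle {
    my ($now) = @_;
    for my $user (keys %seen) {
        my $e = $seen{$user};
        next if $now < $e->{locked_until};
        next if @{ $e->{times} } && $e->{times}[-1] > $now - $WINDOW_SECS;
        delete $seen{$user};
    }
    return scalar keys %seen;
}

# Constructed input: one runaway client re-authenticating every 2 seconds for 3 hours.
my %count;
for (my $now = 0; $now < 3 * 3600; $now += 2) {
    my $verdict = check_login('runaway@example.net', $now);
    $count{$verdict}++;
    print "t=$now: tarpit starts, log once\n" if $verdict eq 'tarpit_start';
}
print "$_: $count{$_}\n" for sort keys %count;
print "tracked users after purge: ", purge_idle(5 * 3600), "\n";
```

State kept this way is lost on restart and is not shared between processes, so each server instance counts on its own.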