[RADIATOR] A way to verify that the number of failed attempts is less than 3 in the last 30 minutes

Heikki Vatiainen hvn at open.com.au
Fri May 24 08:25:21 CDT 2013


On 05/22/2013 09:44 PM, Jim Tyrrell wrote:
> Could you log failed auth attempts to a database table (AuthLog SQL?)
> and when a user connects have an initial AuthBy that checks this table
> 1st, and if they have 3 Auth failures in the last 30 minutes take the
> appropriate action:

This is a very interesting idea. In general, some kind of "memory" is
needed and AuthLog removes the need to keep a separate table just for
counting failed logins. Good stuff.

> eg If Authlog updates a table called authlog then have an AuthBy that
> has a query equivalent to:

The 'Blacklist' option might be useful here with 'NoCheckPassword' for
Pascal's case.

> SELECT Username FROM Radius.authlog
> WHERE Username = %0
> AND TIMESTAMP > (UNIX_TIMESTAMP(NOW()) - 1800)
> GROUP BY Username
> HAVING COUNT(*) > 3
> 
> We do a similar thing but in reverse.  If the user has had a certain
> number of failed auths in the day then any subsequent Auth failures
> result in an automatic Access Accept that puts them into a walled garden
> for an hour, stops them hammering authentication with bad requests.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
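The check Jim describes, as an added example that is not part of the thread or of Radiator itself: an in-memory SQLite stand-in for an AuthLog SQL table (constructed columns, not Radiator's schema; type 0 is assumed to mean a failed auth), a count of failures in the last 30 minutes with the cutoff computed as now minus the window, and the username passed as a bound parameter.

```python
import sqlite3

WINDOW_SECONDS = 30 * 60   # look back 30 minutes
MAX_FAILURES = 3           # treat 3 or more failures in the window as a lockout


def make_authlog():
    """Constructed stand-in for an AuthLog SQL table (assumed columns, not Radiator's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE authlog (timestamp INTEGER, username TEXT, type INTEGER)")
    return conn


def log_failure(conn, username, ts):
    """Record one failed authentication (type 0 is this example's convention for failure)."""
    conn.execute("INSERT INTO authlog VALUES (?, ?, 0)", (ts, username))


def recent_failures(conn, username, now, window=WINDOW_SECONDS):
    """Count failed auths for username newer than now - window seconds.

    The cutoff is a plain epoch subtraction, the equivalent of
    UNIX_TIMESTAMP(NOW()) - 1800 in MySQL; the username is bound, not interpolated.
    """
    row = conn.execute(
        "SELECT COUNT(*) FROM authlog WHERE username = ? AND type = 0 AND timestamp > ?",
        (username, now - window),
    ).fetchone()
    return row[0]


def is_locked_out(conn, username, now, limit=MAX_FAILURES):
    """True when the user has reached the failure limit inside the window."""
    return recent_failures(conn, username, now) >= limit


def demo():
    conn = make_authlog()
    now = 1_369_400_000  # constructed "current time" in seconds since the epoch
    # alice: three failures within the last 10 minutes -> locked out
    for offset in (600, 300, 60):
        log_failure(conn, "alice", now - offset)
    # bob: three failures, but only one inside the last 30 minutes -> not locked out
    for offset in (7200, 3600, 120):
        log_failure(conn, "bob", now - offset)
    return is_locked_out(conn, "alice", now), is_locked_out(conn, "bob", now)
```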