Radius should be smart enough to see that if the user isn't connecting and
if radius has just refused the connection due to the login limit that it
doesn't need to go to the database to refuse another login request in quick
series like this. If a reject is sent for a call because of login limit,
then that call should not cause radius to retry again and again simply
because the user keeps retrying. It's easy to create a DoS attack using
that. It should only do a login limit check on a new call. There should also
be a limit on the number of times it will check a bad username or password
which can also be used to create a DoS attack.
Geo.
> -----Original Message-----
> From: radiusnt-request@iea-software.com
> [mailto:radiusnt-request@iea-software.com]On Behalf Of Terry Bomersbach
> Sent: Wednesday, July 21, 1999 11:10 AM
> To: radiusnt@iea-software.com
> Subject: Re: [RadiusNT] ISDN HACK
>
>
> >What happens is after 10-20 seconds of this, he manages to get logged in
> >with the second line.
> >
> >Now it seems to me this is a bug in Radius that's allowing this to happen.
> >What I need is some way to stop it or a fix. Anyone got any ideas?
>
> It's not a RADIUS BUG, it's the NAS that has the problem. RADIUS does check
> for concurrency but the NAS is treating both connections as one call. Talk
> to your vendor.
>
>
>
> For more information about this list (including removal) go to:
> http://www.iea-software.com/support/maillists/liststart
>
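The two limits suggested in the reply above (answer repeat login-limit rejects from memory, and cap bad username/password checks), as an added sketch that is not part of the original messages and is not RadiusNT code. Assumptions: a call is identified by (user, NAS IP, NAS port), and `db_check` is a hypothetical stand-in for the database lookup.

```python
import time

class AuthGate:
    """Sits in front of the database so repeat requests are answered from memory."""

    def __init__(self, db_check, reject_ttl=30.0, max_bad=5, bad_window=300.0,
                 clock=time.monotonic):
        # db_check (hypothetical): (user, password) -> "ok" | "bad_credentials" | "login_limit"
        self.db_check = db_check
        self.reject_ttl = reject_ttl    # seconds a login-limit reject is remembered
        self.max_bad = max_bad          # bad-credential checks allowed per window
        self.bad_window = bad_window    # seconds
        self.clock = clock
        self.limit_rejects = {}         # call key -> expiry time
        self.bad_attempts = {}          # user -> recent failure timestamps

    def authenticate(self, user, password, nas_ip, nas_port):
        now = self.clock()
        call = (user, nas_ip, nas_port)  # assumption: this tuple identifies one call

        # 1. The same call was just refused for login limit: repeat the
        #    reject without touching the database.
        if self.limit_rejects.get(call, 0.0) > now:
            return "reject:login_limit(cached)"
        self.limit_rejects.pop(call, None)

        # 2. Too many bad credentials for this user inside the window:
        #    refuse without a lookup. Stale entries are dropped so the
        #    table itself cannot grow without bound.
        recent = [t for t in self.bad_attempts.get(user, ()) if now - t < self.bad_window]
        if recent:
            self.bad_attempts[user] = recent
        else:
            self.bad_attempts.pop(user, None)
        if len(recent) >= self.max_bad:
            return "reject:locked_out"

        # 3. A new call: this is the only path that reaches the database.
        result = self.db_check(user, password)
        if result == "login_limit":
            self.limit_rejects[call] = now + self.reject_ttl
            return "reject:login_limit"
        if result == "bad_credentials":
            self.bad_attempts.setdefault(user, recent).append(now)
            return "reject:bad_credentials"
        return "accept"
```

The per-user cap trades one problem for another: anyone who can send bad passwords for an account can keep its owner locked out for the length of the window, so the window should stay short.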