Re: [RadiusNT] ISDN HACK

Info Desk ( info@olynet.com )
Wed, 21 Jul 1999 08:42:40 -0700

In other Radius servers I have tested there is a lockout limit for bad
passwords. That keeps these attacks to a minimum. It would be nice if this
was a feature.

"Geo." wrote:

> Concurrency works fine, that's not the problem. The problem is when radius
> gets overloaded with reject requests that the user is getting in. The other
> problem is that someone with a single login account and an ISDN modem set to
> dial for a dual connection can basically cause a DOS situation in that they
> flood emerald with login requests.
>
> Radius should be smart enough to see that if the user isn't connecting and
> if radius has just refused the connection due to the login limit that it
> doesn't need to go to the database to refuse another login request in quick
> series like this. If a reject is sent for a call because of login limit,
> then that call should not cause radius to retry again and again simply
> because the user keeps retrying. It's easy to create a DOS attack using
> that. It should only do a login limit check on a new call. There should also
> be a limit on the number of times it will check a bad username or password
> which can also be used to create a DOS attack.
>
> Geo.
>
> > -----Original Message-----
> > From: radiusnt-request@iea-software.com
> > [mailto:radiusnt-request@iea-software.com]On Behalf Of Terry Bomersbach
> > Sent: Wednesday, July 21, 1999 11:10 AM
> > To: radiusnt@iea-software.com
> > Subject: Re: [RadiusNT] ISDN HACK
> >
> >
> > >What happens is after 10-20 seconds of this, he manages to get logged in
> > >with the second line.
> > >
> > >Now it seems to me this is a bug in Radius that's allowing this to happen.
> > >What I need is some way to stop it or a fix. Anyone got any ideas?
> >
> > It's not a RADIUS BUG, it's the NAS that has the problem. RADIUS does check
> > for concurrency but the NAS is treating both connections as one call. Talk
> > to your vendor.
> >
> >
> >
> > For more information about this list (including removal) go to:
> > http://www.iea-software.com/support/maillists/liststart
> >
>

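The two limits asked for in this thread (replaying a login-limit reject without another database lookup, and locking out after repeated bad passwords) can be sketched as below. This is an added example, not part of the thread and not RadiusNT code; `RejectGate`, `backend`, the verdict strings and the timing values are hypothetical names and assumptions.

```python
import time

ACCEPT, BAD_PASSWORD, LOGIN_LIMIT = "accept", "bad_password", "login_limit"

class RejectGate:
    """Answer repeat rejects from memory so a retry flood never reaches the database."""

    def __init__(self, backend, hold=5.0, max_bad=5, lockout=300.0,
                 clock=time.monotonic):
        self.backend = backend   # hypothetical: callable(user, password) -> verdict
        self.hold = hold         # seconds a login-limit reject is replayed (keep short)
        self.max_bad = max_bad   # bad passwords tolerated before lockout
        self.lockout = lockout   # seconds a locked-out user is rejected unchecked
        self.clock = clock
        self.blocked = {}        # user -> (expiry, verdict to replay)
        self.bad = {}            # user -> (bad-password count, window expiry)

    def check(self, user, password):
        """Return (verdict, database_was_queried)."""
        now = self.clock()
        expiry, verdict = self.blocked.get(user, (0.0, None))
        if now < expiry:
            return verdict, False            # replayed reject, no database call
        self.blocked.pop(user, None)
        verdict = self.backend(user, password)
        if verdict == LOGIN_LIMIT:
            self.blocked[user] = (now + self.hold, LOGIN_LIMIT)
        elif verdict == BAD_PASSWORD:
            count, window = self.bad.get(user, (0, 0.0))
            if now >= window:                # old failures have aged out
                count, window = 0, now + self.lockout
            count += 1
            if count >= self.max_bad:
                self.blocked[user] = (now + self.lockout, BAD_PASSWORD)
                self.bad.pop(user, None)
            else:
                self.bad[user] = (count, window)
        else:
            self.bad.pop(user, None)         # a good login clears the counter
        return verdict, True

def flood_demo(requests=200, per_second=10):
    """Constructed scenario: one user at the login limit redialing 10 times a second."""
    state = {"now": 0.0, "db_hits": 0}
    def backend(user, password):             # stands in for the database lookup
        state["db_hits"] += 1
        return LOGIN_LIMIT
    gate = RejectGate(backend, hold=5.0, clock=lambda: state["now"])
    for i in range(requests):
        state["now"] = i / per_second
        gate.check("isdn-user", "secret")
    return state["db_hits"]                  # 4 database lookups for 200 requests
```

Both tables are keyed by a username the caller chooses, so a real deployment would also cap their size and expire old entries. A per-username lockout can be triggered against a legitimate account by anyone who knows the name, which is a reason to keep `lockout` modest.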