Re: [RadiusNT] ISDN HACK

Terry Bomersbach ( (no email) )
Wed, 21 Jul 1999 11:12:31 -0500

>Radius should be smart enough to see that if the user isn't connecting and
>if radius has just refused the connection due to the login limit that it
>doesn't need to go to the database to refuse another login request in quick
>series like this. If a reject is sent for a call because of login limit,
>then that call should not cause radius to retry again and again simply
>because the user keeps retrying. It's easy to create a DOS attack using
>that. It should only do a login limit check on a new call. There should
>be a limit on the number of times it will check a bad username or password
>which can also be used to create a DOS attack.

You should look at submitting an RFE (correct me if I'm wrong Dale) on this
issue because the RFCs weren't set up to deal with ISDN or related
connection issues but for dialup related connections. If I remember
correctly ISDN doesn't actually dial.

For more information about this list (including removal) go to: