Re: [RadiusNT] ISDN HACK

Brian Lube ( brian@mpinet.net )
Wed, 21 Jul 1999 12:48:52 -0400

Well... it could be a setting issue as well.

The PortMaster should have a setting (I believe that it does) to handle a
large number of bad password attempts. All of my equipment gives you 3
attempts (username not null) and then kicks you out. Now, if the PortMaster
code is not doing that, it would be a PortMaster issue. What are you
seeing for accounting packets? When the person gets their second B channel
up, are you getting their username/password ever in the accounting records?

--bl

At 11:12 AM 7/21/99 -0500, you wrote:
>>Radius should be smart enough to see that if the user isn't connecting and
>>if radius has just refused the connection due to the login limit that it
>>doesn't need to go to the database to refuse another login request in quick
>>series like this. If a reject is sent for a call because of login limit,
>>then that call should not cause radius to retry again and again simply
>>because the user keeps retrying. It's easy to create a DOS attack using
>>that. It should only do a login limit check on a new call. There should also
>>be a limit on the number of times it will check a bad username or password
>>which can also be used to create a DOS attack.
>
>
>You should look at submitting an RFE (correct me if I'm wrong Dale) on this
>issue because the RFCs weren't set up to deal with ISDN or related
>connection issues but for dialup related connections. If I remember
>correctly ISDN doesn't actually dial.
>
>
>For more information about this list (including removal) go to:
>http://www.iea-software.com/support/maillists/liststart

Brian Lube
System Administrator
MPInet
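
The reject caching and bad-password limit that the quoted message asks for, sketched as an added example (not RadiusNT or PortMaster code, and not part of the original thread). `AuthThrottle`, `call_id` and the backend's return strings are hypothetical, and the sketch assumes the NAS supplies some identifier for the call.

```python
import time

class AuthThrottle:
    """Sits in front of the database lookup; all names here are hypothetical."""

    def __init__(self, backend, reject_ttl=30.0, max_bad=3, lockout=300.0):
        self.backend = backend        # callable(user, password) -> "accept", "bad_password" or "login_limit"
        self.reject_ttl = reject_ttl  # seconds a login-limit reject is reused for the same call
        self.max_bad = max_bad        # bad passwords allowed before lookups stop
        self.lockout = lockout        # seconds the bad-password count is remembered
        self.limit_rejects = {}       # (nas, call_id, user) -> expiry
        self.bad = {}                 # (nas, user) -> (count, expiry)

    def _purge(self, now):
        # Drop expired entries so the cache itself cannot grow without bound.
        self.limit_rejects = {k: e for k, e in self.limit_rejects.items() if e > now}
        self.bad = {k: v for k, v in self.bad.items() if v[1] > now}

    def authenticate(self, nas, call_id, user, password, now=None):
        now = time.monotonic() if now is None else now
        self._purge(now)
        call, who = (nas, call_id, user), (nas, user)
        if call in self.limit_rejects:          # same call retrying: answer from memory
            return "reject"
        count = self.bad.get(who, (0, 0))[0]
        if count >= self.max_bad:               # too many bad passwords: no lookup
            return "reject"
        result = self.backend(user, password)
        if result == "accept":
            self.bad.pop(who, None)
            return "accept"
        if result == "login_limit":
            self.limit_rejects[call] = now + self.reject_ttl
        else:
            self.bad[who] = (count + 1, now + self.lockout)
        return "reject"

def demo():
    lookups = []
    def backend(user, password):                # constructed stand-in for the database
        lookups.append(user)
        if user == "isdn1":
            return "login_limit"
        return "accept" if password == "right" else "bad_password"
    t = AuthThrottle(backend)
    flood = [t.authenticate("nas1", "call-A", "isdn1", "x", now=i * 0.1) for i in range(100)]
    guesses = [t.authenticate("nas1", "call-B", "bob", "wrong", now=float(i)) for i in range(10)]
    return flood, guesses, len(lookups)
```

Counting bad passwords per user name lets anyone lock that user out for the lockout period, so a deployment may prefer to key the count on the call or caller as well.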
