Re: [RadiusNT] ISDN HACK

Dale E. Reed Jr. (no email)
Wed, 21 Jul 1999 10:43:15 -0700

Terry Bomersbach wrote:
> >Radius should be smart enough to see that if the user isn't connecting and
> >if radius has just refused the connection due to the login limit that it
> >doesn't need to go to the database to refuse another login request in quick
> >series like this. If a reject is sent for a call because of login limit,
> >then that call should not cause radius to retry again and again simply
> >because the user keeps retrying. It's easy to create a DOS attack using
> >that. It should only do a login limit check on a new call. There should also
> >be a limit on the number of times it will check a bad username or password
> >which can also be used to create a DOS attack.
> You should look at submitting an RFE (correct me if I'm wrong Dale) on this
> issue because the RFCs weren't set up to deal with ISDN or related
> connection issues but for dialup related connections. If I remember
> correctly ISDN doesn't actually dial.

This is already addressed in RadiusNT V3 and the smart caching.
ISDN does dial, but because the D channel is always on-line, it's
real fast. :)


Dale E. Reed Jr.  Emerald and RadiusNT
__________________________________________
IEA Software, Inc.
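A sketch of the reject-caching idea discussed in this thread, added here as an illustration. It is not RadiusNT code, and the thread does not describe how RadiusNT V3's smart caching is implemented. The class names, the cache key (user, NAS, calling station) and the TTL values are assumptions.

```python
import time

class RejectCache:
    """Remembers recent Access-Rejects so rapid retries skip the database."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self._entries = {}            # key -> (expiry time, reject reason)

    def get(self, key):
        hit = self._entries.get(key)
        if hit is None:
            return None
        expiry, reason = hit
        if self.clock() >= expiry:    # stale: force a fresh database check
            del self._entries[key]
            return None
        return reason

    def put(self, key, reason):
        self._entries[key] = (self.clock() + self.ttl, reason)

class Authenticator:
    """db_check(username) -> (ok, reason) stands in for the real DB lookup."""
    def __init__(self, db_check, cache):
        self.db_check, self.cache = db_check, cache
        self.db_hits = 0

    def handle(self, username, nas_id, calling_station):
        key = (username.lower(), nas_id, calling_station)
        cached = self.cache.get(key)
        if cached is not None:        # answered from memory, no DB round trip
            return ("Access-Reject", cached + " (cached)")
        self.db_hits += 1
        ok, reason = self.db_check(username)
        if ok:                        # accepts are never cached here
            return ("Access-Accept", reason)
        self.cache.put(key, reason)
        return ("Access-Reject", reason)

def simulate(retries=50, ttl=30.0, gap=0.5):
    """Constructed scenario: a router redials every `gap` seconds while the
    account stays over its login limit. Returns the number of DB lookups."""
    now = [0.0]
    auth = Authenticator(lambda u: (False, "login limit reached"),
                         RejectCache(ttl, clock=lambda: now[0]))
    for _ in range(retries):
        auth.handle("isdnuser", "nas1", "5551234")
        now[0] += gap
    return auth.db_hits
```

The TTL is a trade-off: a user whose other session ends keeps getting the cached reject until the entry expires, so short values are the safer choice.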
