Re: [RadiusNT] ISDN HACK

Dale E. Reed Jr. ( (no email) )
Wed, 21 Jul 1999 10:43:15 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Geo.: "RE: [RadiusNT] ISDN HACK"
Next message: Geo.: "RE: [RadiusNT] ISDN HACK"
Maybe in reply to: Geo.: "[RadiusNT] ISDN HACK"
Next in thread: Dale E. Reed Jr.: "Re: [RadiusNT] ISDN HACK"

Terry Bomersbach wrote:
>
> >Radius should be smart enough to see that if the user isn't connecting and
> >if radius has just refused the connection due to the login limit that it
> >doesn't need to go to the database to refuse another login request in quick
> >series like this. If a reject is sent for a call because of login limit,
> >then that call should not cause radius to retry again and again simply
> >because the user keeps retrying. It's easy to create a DOS attack using
> >that. It should only do a login limit check on a new call. There should
> also
> >be a limit on the number of times it will check a bad username or password
> >which can also be used to create a DOS attack.
>
> You should look at submitting an RFE (correct me if I'm wrong Dale) on this
> issue because the RFCs weren't set up to deal with ISDN or related
> connection issues but for dialup related connections. If I remember
> correctly ISDN doesn't actually dial.

This is already addresses in RadiusNT V3 and the smart caching.
ISDN does dial, but because the D channel is always on-line, its
real fast. :)

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart

Previous message: Geo.: "RE: [RadiusNT] ISDN HACK"
Next message: Geo.: "RE: [RadiusNT] ISDN HACK"
Maybe in reply to: Geo.: "[RadiusNT] ISDN HACK"
Next in thread: Dale E. Reed Jr.: "Re: [RadiusNT] ISDN HACK"