Hi all,
It occassionally (sometimes frequently) happens that the NAS sends some control
characters as username and password. Could it be line noise or DOS? I'm not
quite sure. Here is a debug output (from the Home Server FRv0.8.1):
rad_recv: Access-Request packet from host x.x.x.100:1814, id=134, length=368
User-Name =
"\225\247+\037\230O:?}\263\334\374\310I\223\005\3174\226g\377%p8/\301\300\271\260MYT\021\t\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354A%\214\365-\367\027o"
User-Password =
"\315f\365+\266|z\210\3241\364'@\256\241\205\2468\271U\0060E\004\021\200\243\271\224\016<\036\230\224\333!'4\330\272O\366Oo)F\031\264\256\017\006T\240\343\025\024\205\252\021%G\247\362\346\273=\375H\007\201\372\250\361\2527\202\016\312\305)\277\305\204_\350\241\367\301\256\002\365?\365f?\242N\362\013"\325"
NAS-IP-Address = x.x.x.196
NAS-Identifier = "x.x.x.196"
NAS-Port = 1794
Acct-Session-Id = "117512730"
USR-Interface-Index = 3050
USR-Supports-Tags = 0
Service-Type = Login-User
USR-Chassis-Call-Slot = 8
USR-Chassis-Call-Span = 16
USR-Chassis-Call-Channel = 2
USR-Connect-Speed = NONE
NAS-Port-Type = Async
Proxy-State = 0x3936
rad_lowerpair: User-Name now
'?�+??o:?}����i??�4?g�%p8/����myt??�f��?�?,d��#1e���(?�?�?�?�]?�?.$vo��k�6�?d^.?����a%?�-�?o'
rad_rmspace_pair: User-Name now
'?�+??o:?}����i??�4?g�%p8/����myt?�f��?�?,d��#1e���(?�?�?�?�]?�?.$vo��k�6�?d^.?����a%?�-�?o'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched DEFAULT at 176
modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for
?�+??o:?}����i??�4?g�%p8/����myt?�f��?�?,d��#1e���(?�?�?�?�]?�?.$vo��k�6�?d^.?����a%?�-�?o
radius_xlat:
'(uid=\225\247+\037\230o:?}\263\334\374\310i\223\005\3174\226g\377%p8/\301\300\271\260myt\021\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354a%\214\365-\367'
radius_xlat: 'ou=radius,dc=company,dc=com,dc=ph'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.compass.com.ph:389, authentication 0
rlm_ldap: bind as / to ldap.compass.com.ph:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=radius,dc=company,dc=com,dc=ph, with filter
(uid=\225\247+\037\230o:?}\263\334\374\310i\223\005\3174\226g\377%p8/\301\300\271\260myt\021\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354a%\214\365-\367
rlm_ldap: ldap_search() failed: Bad search filter
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
...and then it dies. Segmentation fault.
It's the same username and password values on the proxy server (FR v0.8.1).
It didn't crash the proxy server though. For sure, this is not a "secret"
problem.
Any suggestions on how to filter these kinds of username values?
Thanks!
regards,
Alexis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
