I would also suggest moving freeradius to its own server that way when a new worm is released you wont have to keep changing your filters.
-Drew -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 11:22 AM To: [EMAIL PROTECTED] Subject: Re: MSBlaster and Freeradius Josh Howlett <[EMAIL PROTECTED]> wrote: > My best guess is that the MSBlaster UDP from the user(s) is swamping the > kernel, resulting in RADIUS UDP packets getting lost. Yup. The kernel has a limited queue for incoming packets. > Has anyone else seen this, or have any suggestions? Put a firewall rule in to block the UDP port used by MSBlaster. No one else uses it for anything, so that block won't be too problematic. I'm not sure if system supports this, but you may be able to rate-limit the port. e.g. 10 packets/s are OK, >100 packets/s result in them all getting dropped. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html