Thanks Arran. How and where do I implement those codes in AIX RADIUS? Doable on AIX RADIUS?
Vinh Arran Cudbard-Bell wrote: > > nguyenvinht wrote: >> Thanks for replying. >> I want to implement this through RADIUS Server. >> Looking for some code modification or new attributes to accomplish the >> task. >> >> Vinh. >> >> >> tnt wrote: >>> Allow everybody (who knows your secret) to use your radius server by >>> entering 0.0.0.0/0 as client address in clents.conf. Use firewall to >>> block access to radius ports for those specific IP addresses. > > Allow everybody (who knows your secret) to use your radius server by > entering 0.0.0.0/0 as client address in clents.conf. > > Enter naughty hosts in naughty huntgroup. > Check for naughty huntgroup and reject. > > Huntgroups > naughty Packet-Src-IP-Address == naughtyhostone.com > naughty Packet-Src-IP-Address == 139.184.12.1 > naughty Packet-Src-IP-Address == 127.0.0.1 > > Users > DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject > > Apparently RFC states that server must respond ... so unless you use a > firewall, naughty hosts will know the servers alive , and be able to > flood it with lots of requests. > > Only way to get FreeRADIUS to be quiet is to modify the source. > -- > Arran Cudbard-Bell ([EMAIL PROTECTED]) > Authentication, Authorisation and Accounting Officer > Infrastructure Services | ENG1 E1-1-08 > University Of Sussex, Brighton > EXT:01273 873900 | INT: 3900 > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/RADIUS-Authentication-tf3918468.html#a11130279 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
