Hello Luis

We also tried it, using the trash string you mentioned below, but
after a few seconds we got back the logon prompt. Note that we don't use
LDAP.

If I were you I should try the following:
RewriteUsername tr/a-zA-Z0-9_\.\@//dc

It filters out anything except letters, numbers, underscore, '.' and '@'.
I think a reasonable login name should pass this filter.

Janos SUTO.

On Thu, 30 Nov 2000, Dave Kitabjian wrote:

> I believe it's a BUG.
> 
> Please see my post from last week:
> 
>       "Radiator/LDAP hangs on binary username!"
> 
> to which no one has replied yet, where I described a similar experience.
> Again, AuthBy CDB never misbehaved with these binary usernames, but AuthBy
> LDAP2 will hang Radiator completely.
> 
> It's pretty easy to reproduce: telnet to your NAS IP, and when it asks for
> username or login, enter something like:
> 
>       ���pZ_S^�G*�_��g�_�<BQ����?4y,�h�Mpt��.h__`��_OE�*�v
> 
> Bingo. Radiator is trashed. What's worse is that if you have multiple
> Radiator/LDAP servers for redundancy, the NAS will retry until it brings
> down ALL the servers :(
> 
> At the moment, we're testing:
> 
>       RewriteUsername tr#!-'/+-~/##cd
> 
> which should strip out all non-printable characters (and a few others),
> which seems to patch the bug so far. But the whole issue makes me pretty
> nervous.
> 
> Dave
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luis Alves
> > Sent: Thursday, November 30, 2000 9:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: (RADIATOR) What is this? A bug, a DOS attack?
> >
> >
> >
> > Hi,
> >
> > Something strange happened with my Radiator servers. The servers froze,
> > ignoring all the requests that were made by the NAS.
> >
> > Although, the process of Radiator was alive and taking the usual resources
> > from the server.
> >
> > When I checked the log messages in SQL, I saw this strange message (where
> > XXX.XXX.XXX.XXX is the NAS IP address and YYY the port):
> >
> > Deleting session for
> > �YZp}+����pZ_S^�G*�_��g�_�<BQ����?4y,�h�Mpt��.h__`��_OE�*�vl�+
> > l��_]_"�ף^-""
> > T�...H_�V_(�-D�oe��{_� �:�_ DG�e������z�#_� :, XXX.XXX.XXX.XXX, YYY
> >
> > I use Radiator-2.16.3 with authentication in LDAP and logging is MYSQL
> >
> > What is this? A bug, a DOS attack?
> >
> > Thanks in advance
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >

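The two RewriteUsername filters discussed in this thread, shown as an added example (not part of any poster's message and not Radiator code): a standalone Perl script that applies each tr expression to constructed usernames and reports what is left. The sample names and the helper function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: applies the two tr/// filters quoted in
# this thread to constructed usernames and reports what each one leaves.
use strict;
use warnings;

# Janos's filter: keep letters, digits, '_', '.', '@'; delete the rest.
sub filter_allowlist {
    my ($name) = @_;
    $name =~ tr/a-zA-Z0-9_\.\@//dc;
    return $name;
}

# Dave's filter: keep 0x21-0x27 and 0x2B-0x7E; delete the rest
# (control bytes, space, '(', ')', '*', and everything above 0x7E).
sub filter_printable {
    my ($name) = @_;
    $name =~ tr#!-'/+-~/##cd;
    return $name;
}

# Render a byte string safely for a log line: non-printables as \xNN.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x21-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return "'$s'";
}

# Constructed sample inputs (not taken from the thread).
my @samples = (
    'jsmith@example.net',       # ordinary login, unchanged by both filters
    'mary-ann+ppp',             # printable, but outside the stricter set
    "bob\x00\xff\x9c",          # valid prefix followed by binary bytes
    "\xe9\x80\x1b\x07\xfe",     # binary only: nothing survives
);

for my $in (@samples) {
    for my $f ([allowlist => \&filter_allowlist],
               [printable => \&filter_printable]) {
        my ($label, $code) = @$f;
        my $out  = $code->($in);
        my $note = $out eq ''  ? 'EMPTY after filtering'
                 : $out ne $in ? 'modified'
                 :               'unchanged';
        printf "%-9s %-26s -> %-22s %s\n", $label, show($in), show($out), $note;
    }
}
```

The all-binary name comes out empty under both filters, and the stricter filter alters the hyphenated name, so both cases are worth handling before the name reaches the authentication lookup.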