On 05/22/2013 09:44 PM, Jim Tyrrell wrote:
> Could you log failed auth attempts to a database table (AuthLog SQL?)
> and when a user connects have an initial AuthBy that checks this table
> 1st, and if they have 3 Auth failures in the last 30 minutes take the
> appropriate action:

This is a very interesting idea. In general, some kind of "memory" is needed, and AuthLog removes the need to keep a separate table just for counting failed logins. Good stuff.

> e.g. If AuthLog updates a table called authlog then have an AuthBy that
> has a query equivalent to:

The 'Blacklist' option might be useful here with 'NoCheckPassword' for Pascal's case.

> SELECT Username FROM Radius.authlog
> WHERE Username = %0
> AND TIMESTAMP > UNIX_TIMESTAMP(now()) - 1800
> GROUP BY Username
> HAVING COUNT(*) > 3
>
> We do a similar thing but in reverse. If the user has had a certain
> number of failed auths in the day then any subsequent Auth failures
> result in an automatic Access Accept that puts them into a walled garden
> for an hour, stops them hammering authentication with bad requests.

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER
etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
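An added example, not from the thread and not Radiator's own code: a Python sqlite3 model of the failed-auth table and the lockout query discussed above, so the 30-minute window and the failure threshold can be checked against constructed data. It assumes a RADAUTHLOG-style layout (TIME_STAMP as Unix epoch, USERNAME, TYPE 0 for a failure) and counts 3 or more failures, as the prose says, rather than the quoted query's `> 3`.

```python
import sqlite3

WINDOW_SECONDS = 1800   # the 30-minute window from the thread
MAX_FAILURES = 3        # lock out at this many failures inside the window

# Assumed layout, modelled on Radiator's default RADAUTHLOG columns:
# TIME_STAMP is a Unix epoch, TYPE 0 = failure, 1 = success.
SCHEMA = """
CREATE TABLE authlog (
    TIME_STAMP INTEGER NOT NULL,
    USERNAME   TEXT    NOT NULL,
    TYPE       INTEGER NOT NULL,
    REASON     TEXT
)
"""

# Equivalent of the quoted query: the window arithmetic is applied to the
# epoch value, and the two ? placeholders stand for %0 (the username) and
# the current epoch that MySQL's UNIX_TIMESTAMP(now()) would supply.
LOCKOUT_QUERY = """
SELECT USERNAME FROM authlog
 WHERE USERNAME = ?
   AND TYPE = 0
   AND TIME_STAMP > ? - ?
 GROUP BY USERNAME
HAVING COUNT(*) >= ?
"""


def new_authlog():
    """Fresh in-memory authlog table (stands in for AuthLog SQL's table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def log_failure(conn, username, ts, reason="bad password"):
    """What AuthLog SQL's FailureQuery would do for one rejected request."""
    conn.execute("INSERT INTO authlog VALUES (?, ?, 0, ?)", (ts, username, reason))


def is_locked_out(conn, username, now):
    """True if the user has MAX_FAILURES or more failures in the last window."""
    params = (username, now, WINDOW_SECONDS, MAX_FAILURES)
    return conn.execute(LOCKOUT_QUERY, params).fetchone() is not None


def demo(now=1_369_255_440):
    """Constructed data: alice fails three times in-window, bob only once."""
    conn = new_authlog()
    for delta in (1700, 900, 60):
        log_failure(conn, "alice", now - delta)
    log_failure(conn, "bob", now - 3600)   # older than the window, not counted
    log_failure(conn, "bob", now - 10)
    return {"alice": is_locked_out(conn, "alice", now),
            "bob": is_locked_out(conn, "bob", now)}
```

Calling `is_locked_out` again 1800 seconds later shows the lock expiring on its own as the old failures slide out of the window, which is the "memory" the thread asks the AuthLog table to provide.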
