[VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)

[Cary Fitch]

We use a different user name for "national customers"   [EMAIL PROTECTED] vs. just XXXXX for local users.   We don't list Global Pops numbers where we have our own. We buy ports, not accounts.    BTW GP also does total time limits over a rolling 30 day period for you if you like.   CF   Cary   ----- Original Message ----- From: Brad Johnson To: [EMAIL PROTECTED] Sent: Friday, May 21, 2004 10:52 AM Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports) And� ? Your NAS users have a different profile and can�t travel � or can, but not to a GP number? Your GP users can�t use your NAS � or can but can login several times?   I�m trying to understand in what scenario this would be a solution.   Brad Johnson   Systems Administrator     Local Link Network Operations     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cary Fitch Sent: Friday, May 21, 2004 10:43 AM To: [EMAIL PROTECTED] Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)   Yes, we do.   Cary ----- Original Message ----- From: Brad Johnson To: [EMAIL PROTECTED] Sent: Friday, May 21, 2004 10:38 AM Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)   Heh, do you even have any of your own NAS? If so, do you allow multiple logins on those to, or do you restrict your users from traveling with their account?   If your suggestion was any kind of solution for me (or most of us for that matter) this thread wouldn�t have lived as long as it has.   Brad Johnson   Systems Administrator     Local Link Network Operations     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cary Fitch Sent: Friday, May 21, 2004 9:40 AM To: [EMAIL PROTECTED] Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)   Give them a profile that allows multiple logins and let Global Pops handle limits.    ("I keep saying this,over, and  over and over.")   Cary Fitch ----- Original Message ----- From: Gene DuCharme To: [EMAIL PROTECTED] Sent: Friday, May 21, 2004 9:30 AM Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)   The exact scenario that we get from GP is this:   User connects, everything is just fine. They disconnect gracefully. I look in my radius and they are still there, so the next time they try to log on they get invalid user and or pass.   Until I actually delete them from VOP Radius they cannot log back on.   This really makes it hard to sustain a nationwide presence or to recommend to our customers leaving the area to stay with us on our outside dial-ups.   There has to be a cure somewhere, somehow.  LOL     High Speed Internet at it's Best   Gene DuCharme Owner Inland North West Internet 401 S. Park St. Chewelah, Wa. 99109 [EMAIL PROTECTED] http://www.inwi.net tel: fax: mobile: 509-935-8923 509-935-8923 509-936-0633   Signature powered by Plaxo Want a signature like this? Add me to your address book... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Gary Carr Sent: Friday, May 21, 2004 6:57 AM To: [EMAIL PROTECTED] Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports) >GlobalPops position on all the watchdog/stop packet info is that they are UDP and there can be losses with no notification.      That is true but I see watchdog packets as another way to limit abuse, not a 100% sure method.   >Their ultimate ghosting and over use protection is from the logon caller ID. But not the caller ID that consumers get, the one internal to Telecom >Companies.  It can't be blocked.   Hmm, where does that internal caller ID come from that, and does it get passed to the NAS and onto the radius. That sounds very close to the port method that Aleron uses.   >If there are logons from the same number simultaniously, that is a ghost and the old one is "killed".  If they are from different numbers that is "abuse" and it >is allowed to a limit... with abusers duplicate (trust) privledges removed once they are a demonstrated abuser. (So many occurances, for instance.) >  >GP doesn't believe in Watchdog packets or for that matter Stop packets as "the truth".  Logons from the same or different numbers are proof positive.     Does GP have a per user cap on the amount of hours? Is so what happens if a user disconnects and doesn't reconnet until the next day or later. In that case the caller-id method would fail to remove the user in a timely manner.     That's pretty interesting. Will they give any more details about that. We were considering adding GlobalPOPs until this thread started. Still may if they have a way to pass the disconnected user information to our radius servers.       Gary