One thing to do is make sure you have the bad-password delay timer set to a
good value (3-5 seconds or so). This won't help much if the hacker is using
a threaded process to generate the packets however.

Since it is coming from a server you have authorized, there is not a lot you
can do with a firewall. You might want to consider having two sets of radius
servers sharing a common database. One would be behind your firewall serving
your internal requests.

The second would be for your proxies. That way, only the proxy requests will
be affected during the hacks. Make sure that you limit the number of server
threads and have the above mentioned timer set properly on your server so it
doesn't flood the database with requests.

I suspect others may have even better ideas.

Tim

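As an added illustration (not part of Tim's reply or of the FreeRADIUS documentation), here is how the settings he mentions, the reject delay and a cap on server threads, plus the "external-facing server only trusts the proxy" split, map onto FreeRADIUS configuration. The option names are the standard ones from the 1.x/2.x radiusd.conf and clients.conf; the numeric values and the proxy address are assumed starting points, not recommendations from the thread.

```conf
# --- radiusd.conf fragment for the external-facing RADIUS server ---
# (the second set in Tim's design: the one that accepts requests
# from the downstream proxy). Values are illustrative, not advice
# from the list.

# Delay every Access-Reject so a wrong password costs the sender a
# few seconds per attempt (Tim's 3-5 second timer). Note that this
# slows how fast the sender learns the result; it does not limit how
# many requests the proxy can push at you. In 2.x this option lives
# inside the security { } block instead of at top level.
reject_delay = 3

# Hard ceiling on requests the server tracks at once; anything beyond
# this is dropped rather than queued, so a flood from the proxy hits
# this limit before it reaches the shared database.
max_requests = 256

# Bound the worker pool so the number of simultaneous database
# lookups can never exceed max_servers, whatever the proxy sends.
thread pool {
        start_servers = 5
        max_servers = 16
        min_spare_servers = 3
        max_spare_servers = 8
        max_requests_per_server = 0
}

# --- clients.conf on the external-facing server ---
# Only the downstream proxy is listed, with its own shared secret, so
# packets from any other source are discarded before authentication.
# The internal server's clients.conf would list only internal NASes.
# 192.0.2.10 is a placeholder documentation address, not a real host.
client 192.0.2.10 {
        secret          = replace-with-a-long-random-secret
        shortname       = downstream-proxy
}
```

If the proxy does run amok, the damage stays on this server: the internal set never sees its packets, and the database sees at most max_servers concurrent queries from it.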

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Stefan
> Auweiler
> Sent: Wednesday, June 18, 2003 11:06 AM
> To: [EMAIL PROTECTED]
> Subject: Radius security
>
>
> Hello all,
>
> How can I prevent being flooded by RADIUS packets from an IP address?
> At first, I tried to deny the 1812/1813 ports from all IPs which do not
> have any RADIUS relation to my RADIUS Server using access lists.
> But then I
> found the case where I have to open the ports to an external downstream
> RADIUS proxy server, which has to respond to my RADIUS requests. This
> external server also has to send its UDP packets to my 1812/1813 port.
>
> What do I need to prevent the case where somebody has hacked the external
> RADIUS server and intentionally starts flooding my server, or this external
> server simply runs amok?
>
> Thank you.
>
> Regards Stefan
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

