RE: (RADIATOR) authby radius
This is how I do it and it works great. The in the realm handler will continue to forward the acct packets to the end-point Radius server after it writes to our local database. The AuthBy GlobalAcct is the identifier for the that handles the local database insert.

    Identifier GlobalAcct
    IgnoreAuthentication
    DBSource dbi:Sybase:server=***
    DBUsername ***
    DBAuth ***

    AuthByPolicy ContinueAlways
    AuthBy GlobalAcct
    Host 202.202.202.9
    Secret secret
    AuthPort 812
    AcctPort 813
    Retries 2

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of tracker
Sent: Wednesday, September 10, 2003 8:49 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) authby radius

Hi all,

Is it possible to store the accounting record of a user if my server just acts as proxy? If so, how? Example, below is my config for the realm domain.com

    Host 202.202.202.9
    Secret secret
    AuthPort 812
    AcctPort 813
    Retries 2

I want to have a copy of the accounting of users for domain.com and I will store it in mysql.

Thanks.

--
jaws
---
Computer system security is a journey, not a destination

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) MAx TNT Filter -- Actual FILTER
All,

For those of you that rely on upstream providers that have not put any filters in place, I've come up with an Ascend-Data-Filter that seems to work. I haven't had a chance to test it in full production, but it works on all of my Ascend gear, so please test it before you use it. It drops all icmp traffic into the NAS and out to the Internet. This obviously causes some problems, but joeuser shouldn't know the difference. Does anyone have any comments?

    Ascend-Data-Filter="ip in forward tcp est",
    Ascend-Data-Filter="ip in forward dstip X.X.X.0/24",
    Ascend-Data-Filter="ip in drop tcp dstport=25",
    Ascend-Data-Filter="ip in drop tcp srcport = 135",
    Ascend-Data-Filter="ip in drop tcp srcport=80",
    Ascend-Data-Filter="ip in drop icmp",
    Ascend-Data-Filter="ip in forward",
    Ascend-Data-Filter="ip out drop tcp dstport = 135",
    Ascend-Data-Filter="ip out drop icmp",
    Ascend-Data-Filter="ip out forward"

Thanks,
Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Watkins
Sent: Monday, August 25, 2003 9:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: (RADIATOR) MAx TNT Filter -- Actual FILTER

TNT Users:

Apologize: I know I am posting to multiple lists, but multiple lists with Ascend users.. none so far have posted and numerous are asking for it... Including myself! Hopefully recommendations will follow.

After several hours of trial and error - after I setup the recommended Cisco filters upstream from TNT equipment. I have been constantly watching log entries, to find people blasting away with ICMP/UDP Port 135/ TCP Port 137 the most.
I have come up with a filter, for the TNT:

    new FILTER
    set filter-name = pre-nachi2
    set input-filters 1 valid-entry = yes
    set input-filters 1 Type = ip-filter
    set input-filters 1 ip-filter protocol = 6
    set input-filters 1 ip-filter Dst-Port-Cmp = eql
    set input-filters 1 ip-filter dest-port = 135
    set input-filters 2 valid-entry = yes
    set input-filters 2 Type = ip-filter
    set input-filters 2 ip-filter protocol = 17
    set input-filters 2 ip-filter Dst-Port-Cmp = eql
    set input-filters 2 ip-filter dest-port = 137
    set input-filters 3 valid-entry = yes
    set input-filters 3 forward = yes
    set input-filters 3 Type = ip-filter
    set input-filters 3 ip-filter protocol = 1
    set input-filters 3 ip-filter dest-address-mask = 255.255.255.255
    set input-filters 3 ip-filter dest-address = X.X.X.X
    set input-filters 4 valid-entry = yes
    set input-filters 4 Type = ip-filter
    set input-filters 4 ip-filter protocol = 1
    set input-filters 5 valid-entry = yes
    set input-filters 5 forward = yes
    set input-filters 5 Type = ip-filter
    write -f
    ;

This filter blocks UDP Port 135, tcp port 137, allows ICMP to X.X.X.X, drops all other ICMP, and then allows any other traffic out. Basically, X.X.X.X is a machine here we can use to have customers ping us/ we ping them.

This filter seems to work for 90% of people, but for unknown reasons, ICMP still seems to leak in. Any ideas? I'm applying this filter to data under answer-defaults, session-info. I've set iproute-cache-enable = no, Disabled proxy arp... Everything. Still we are dropping packets at peak times left right and center for unknown reasons. show ip cache flow on upstream Cisco gear shows basically regular traffic.

Ideas/comments etc?
Sean

> - Original Message -
> From: "Dave Birkbeck" <[EMAIL PROTECTED]>
> To: "'Tony Bunce'" <[EMAIL PROTECTED]>; "'Sean Watkins (northrock)'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, August 25, 2003 7:27 PM
> Subject: RE: (RADIATOR) MAx TNT & MSBlast
>
>> All,
>>
>> In addition to having the ACL's that Cisco recommends, has anyone come
>> up with a Radius ascend-data-filter that will slow down the spread of
>> these crazy viruses? Or better yet, a filter that will block ICMP.
>>
>> Again, I know this is probably not the list for this discussion, but
>> this topic is definitely for the greater good of the Internet.
>>
>> That being said does anyone know of a list that discusses various NAS
>> topics?
RE: (RADIATOR) MAx TNT & MSBlast
All,

In addition to having the ACL's that Cisco recommends, has anyone come up with a Radius ascend-data-filter that will slow down the spread of these crazy viruses? Or better yet, a filter that will block ICMP.

Again, I know this is probably not the list for this discussion, but this topic is definitely for the greater good of the Internet.

That being said does anyone know of a list that discusses various NAS topics?

Thanks,
Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Bunce
Sent: Friday, August 22, 2003 10:38 AM
To: Sean Watkins (northrock); [EMAIL PROTECTED]
Subject: RE: (RADIATOR) MAx TNT & MSBlast

This problem is actually caused by the "good" blaster worm nachi.

Nachi pings a host before it tries to spread so it doesn't waste its time on non-existent hosts. The problem is that each one of those pings generates an arp request and with such a high number of pings MAX TNT boxes can't handle the high number of arp requests and lock up or reboot.

The ping has a specific signature, 92 bytes all AA as the content, that you can create a policy map for.

Cisco has an article on how to block Nachi ICMP traffic on your inbound router interface:
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

Hope that helps

Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET

-Original Message-
From: Sean Watkins (northrock) [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) MAx TNT & MSBlast

Hi,

I know this isn't the place, but any MAX TNT users out there seeing weird card failures beginning with the onslaught of MSBlast? I saw a news.com article about it... however I can't find any more info.

Anyone know of any active ascend / lucent tnt mailing lists?
Sean

Article Text:

In addition, network administrators reported on a newsgroup that telecommunications equipment maker Lucent Technologies' TNT MAX network gateway crashed due to some interaction with traffic created by the MSBlast worms. A representative for the company confirmed that Lucent was investigating the issue, but couldn't supply details.
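Added example, not part of the original thread or of Cisco's advisory: a matcher for the ping signature described above (ICMP echo request, 92 bytes, payload all 0xAA) that also lists sources pinging many distinct hosts, which is the pattern that drives the ARP load on the NAS. It assumes "92 bytes" means the total IP datagram length; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

NACHI_IP_LEN = 92   # assumption: "92 bytes" is the total IP datagram length
NACHI_FILL = 0xAA   # fill byte of the echo payload, per the post

def is_nachi_ping(pkt: bytes) -> bool:
    """True if a raw IPv4 datagram is an ICMP echo request matching the signature."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", pkt[2:4])
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or total_len != NACHI_IP_LEN or len(pkt) < total_len:
        return False
    if pkt[9] != 1 or frag_off != 0:      # protocol 1 = ICMP, first fragment only
        return False
    icmp = pkt[ihl:total_len]
    if len(icmp) <= 8 or icmp[0] != 8 or icmp[1] != 0:   # type 8, code 0 = echo request
        return False
    return all(b == NACHI_FILL for b in icmp[8:])

def sweeping_sources(packets, min_targets=3):
    """Sources whose signature pings reach at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for pkt in packets:
        if is_nachi_ping(pkt):
            targets[socket.inet_ntoa(pkt[12:16])].add(pkt[16:20])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)

def build_echo(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample: IPv4 header without options plus an ICMP echo request.
    Checksums are left at zero because the matcher does not read them."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x0200, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

# Constructed traffic: one host sweeping five addresses, one host sending an ordinary ping.
SAMPLE = [build_echo("192.0.2.10", "198.51.100.%d" % i, b"\xaa" * 64) for i in range(1, 6)]
SAMPLE.append(build_echo("192.0.2.77", "198.51.100.1", b"abcdefghijklmnopqrstuvwabcdefghi"))

if __name__ == "__main__":
    print(sweeping_sources(SAMPLE))
```

Matching on length alone, as a router length filter does, also catches any legitimate 92-byte ping; the payload check here removes those false positives when full packets are available.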
RE: (RADIATOR) Radiator & Radar conflict
I’ve noticed the same problem. Sometimes it will crash within just a couple minutes of debugging and other times it takes longer.

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herman verschooten
Sent: Thursday, June 19, 2003 11:18 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Radiator & Radar conflict

Hi,

I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this? Just closing Radar starts everything up again.

Herman
RE: (RADIATOR) multiple radius process
Hello,

What about running multiple instances of Radiator with two totally different configs and logs. Is this possible?

Thanks,
Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Blayzor
Sent: Thursday, June 05, 2003 8:57 AM
To: Mike McCauley; jaws
Cc: Radiator
Subject: Re: (RADIATOR) multiple radius process

On 6/5/03 2:20 AM, "Mike McCauley" <[EMAIL PROTECTED]> wrote:

> On Thu, 5 Jun 2003 03:58 pm, jaws wrote:
>> Got it. That means I can also use the same config file?
>
> Yes, if you use the -auth_port and -acct_port command line flags.
>
> Cheers.

Be careful on this. If you have entries in the config that use files for logs, etc, the two processes could step on each other causing a major problem.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9

Hackers have kernel knowledge.
RE: (RADIATOR) Rodopi & Radiator
Tim,

What does your config look like? Also, what does your freetds.conf look like?

David Birkbeck
Network Engineer
IKANO Communications
mailto:[EMAIL PROTECTED]
(801)415-8022 Phone & FAX

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Jung
Sent: Wednesday, February 05, 2003 2:51 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Rodopi & Radiator

Ok I have all the DBD Sybase SQL stuff and FreeTDS installed now. It appears that it connects to my database server but it never replies back to any of the requests. Below are the debug sessions of what I am seeing. Anyone have any ideas as to what the problem might be?

Tim Jung
System Admin
Internet Gateway
[EMAIL PROTECTED]

    radpwtst -s 206.142.60.79 -user [EMAIL PROTECTED] -pass testing -secret testing -auth_port 1645 -acct_port 1646 -trace 1
    sending Access-Request...
    No reply
    sending Accounting-Request Start...
    No reply
    sending Accounting-Request Stop...
    No reply

---

    /usr/bin/radiusd -config_file /etc/radiator/radius.cfg
    Wed Feb 5 16:45:45 2003: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
    This Radiator license will expire on 2003-06-01
    This Radiator license will stop operating after 1000 requests
    To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
    To extend your evaluation period, contact [EMAIL PROTECTED]
    Wed Feb 5 16:45:46 2003: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
    Wed Feb 5 16:45:47 2003: DEBUG: Creating authentication port 0.0.0.0:1645
    Wed Feb 5 16:45:47 2003: DEBUG: Creating accounting port 0.0.0.0:1646
    Wed Feb 5 16:45:47 2003: INFO: Server started: Radiator 3.5 on radius.igateway.net (DEMO)
    Wed Feb 5 17:13:37 2003: DEBUG: Packet dump:
    *** Received from 206.142.60.79 port 1053
    Packet length = 108
    01 ba 00 6c 31 32 33 34 35 36 37 38 39 30 31 32
    33 34 35 36 01 18 74 65 73 74 69 6b 61 6e 6f 40
    69 67 61 74 65 77 61 79 2e 6e 65 74 06 06 00 00
    00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b
    31 32 33 34 35 36 37 38 39 1f 0b 39 38 37 36 35
    34 33 32 31 3d 06 00 00 00 00 02 12 5f 0b cb fb
    06 66 b3 71 a9 ae 09 a1 07 78 87 21
    Code: Access-Request
    Identifier: 186
    Authentic: 1234567890123456
    Attributes:
        User-Name = "[EMAIL PROTECTED]"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "_<11><203><251><6>f<179>q<169><174><9><161><7>x<135>!"
    Wed Feb 5 17:13:37 2003: DEBUG: Handling request with Handler 'Realm=igateway.net'
    Wed Feb 5 17:13:37 2003: DEBUG: Rewrote user name to testikano
    Wed Feb 5 17:13:37 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234
    Wed Feb 5 17:13:37 2003: DEBUG: Handling with Radius::AuthRODOPI
    Wed Feb 5 17:13:37 2003: DEBUG: Handling with Radius::AuthRODOPI:
    Wed Feb 5 17:13:38 2003: DEBUG: Query is: exec Interface_VircomUsers 'testikano'
(RADIATOR) Blocking Access by Called-Station-Id
All,

I am in the process of setting up a blacklist of access numbers. I would like to use an instead ofsince my list is so small. Can someone help me with the syntax of the file? So far this is what I have.

    IgnoreAccounting
    AuthByPolicy ContinueUntilAccept
    RewriteUsername s/^([^@]+).*/$1/
    NoDefault
    Filename %D/badnumbers
    # -- User Auth Section ---
    DBSource dbi:Sybase:server=*
    DBUsername **
    DBAuth **

In the badnumbers file I have the following syntax and I cannot seem to get it to work. Any help would be greatly appreciated.

    Called-Station-Id = "4356080200" Auth-Type = Reject
    Called-Station-Id = "6080200" Auth-Type = Reject
    DEFAULT Auth-Type = Accept
    # --- End of file ---

Thanks,
Dave