Re: Upstream NAS flooding my radius

2011-12-20 Thread Nathan M
On Fri, Dec 16, 2011 at 9:17 PM, Alan DeKok wrote:
> That is distinctly anti-social behavior from whoever owns the NAS.

Agreed.

> Another solution is to use RADIUS. :)
>
> Set up a proxy for ONLY that NAS. Call it "A". Have it proxy ALL
> packets to the local proxy you're already running,

Re: Upstream NAS flooding my radius

2011-12-16 Thread Alan DeKok
Nathan M wrote:
> Thanks for the input. As previously mentioned, it's not what I would
> really consider a peak load issue, but more of a DOS from a
> mis-configured or poorly managed NAS, which is entirely outside of our
> control; however, we have to accept packets from it and have no
> ability

Re: Upstream NAS flooding my radius

2011-12-16 Thread Nathan M
On Fri, Dec 16, 2011 at 5:18 AM, Alan DeKok wrote:
> People generally upgrade their systems to deal with peak loads.

Thanks for the input. As previously mentioned, it's not what I would really consider a peak load issue, but more of a DOS from a mis-configured or poorly managed NAS, which is

Re: Upstream NAS flooding my radius

2011-12-16 Thread Alan DeKok
Nathan M wrote:
> @Fajar - the intent in having them dropped is exactly that. I don't
> want the end-user trying to authenticate to fail authentication, I do
> want the NAS to retry. I just want to control how quickly it can
> retry from my end.

RADIUS doesn't work like that.

> If anyone else

Re: Upstream NAS flooding my radius

2011-12-15 Thread Fajar A. Nugraha
On Fri, Dec 16, 2011 at 1:02 AM, Nathan M wrote:
> @Fajar - the intent in having them dropped is exactly that. I don't
> want the end-user trying to authenticate to fail authentication, I do
> want the NAS to retry. I just want to control how quickly it can
> retry from my end.

Have you actuall

Re: Upstream NAS flooding my radius

2011-12-15 Thread Nathan M
I appreciate the replies and suggestions to upgrade the SQL infrastructure. What I'm attempting to do is to basically limit a friendly DOS attack. I think throttling the offender is a better approach than adding more hardware in this case. Maybe inside freeradius isn't the answer, and maybe a fi

Re: Upstream NAS flooding my radius

2011-12-15 Thread Alan Buxey
Hi,

> Error: rlm_sql (sql): There are no DB handles to use!

improve your SQL performance - e.g. use InnoDB instead of MyISAM, or PostgreSQL instead of MySQL

increase number of PERL and SQL instances

use another 'non-inline' method to handle the accounting - so it's buffered and put into DB when

Re: Upstream NAS flooding my radius

2011-12-14 Thread Fajar A. Nugraha
On Thu, Dec 15, 2011 at 9:11 AM, Nathan M wrote:
> I have a setup such as:
>
> NAS > Freeradius Proxy > Freeradius Auth
>
> Periodically the NAS (different company and outside of my control)
> gets rebooted and when it starts up it sends thousands of simultaneous
> requests to the radius proxy, w

Upstream NAS flooding my radius

2011-12-14 Thread Nathan M
I have a setup such as:

NAS > Freeradius Proxy > Freeradius Auth

Periodically the NAS (different company and outside of my control) gets rebooted and when it starts up it sends thousands of simultaneous requests to the radius proxy, which in turn forwards them all to the appropriate freeradius a