[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: anti-spoofing (VERY URGENT !!!)
From: "freeradius" <freeradius () urnet ! gr>
Date: 2003-02-27 19:22:42
[Download RAW message or body]
Dear all
We have a MAX TNT nas and now we have problems with spoofed icmp-echo and echo-reply \
packages. To sole the problem we must enable the Ascend-Source-IP-Check VSA reply for \
users authenticated from free radius. So I modified the clints.conf file to :
client A.B.C.D {
secret = somesecret
shortname = max
Ascend-Source-IP-Check[96]=1
}
After change radius does not complains about the new line but in debug output \
(radiusd -x -x) i cant see anything about this durring user authentication.
Is my radius propertly configuerd to send Ascend-Source-IP-Check ?
If yes how I can verify ?
If no how I can send this VSA from freeradius ?
Please not that we have cisco boxes also as clients of free radius.
How I can enable anti-spoofing for cisco dial-up users ?
Thanks
A. Lykiardopoulos
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-7">
<META content="MSHTML 6.00.2800.1141" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Dear all</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>We have a MAX TNT nas and now we have problems with
spoofed icmp-echo and echo-reply packages.</FONT></DIV>
<DIV><FONT face=Arial size=2>To sole the problem we must enable the
Ascend-Source-IP-Check VSA reply for users authenticated from free
radius.</FONT></DIV>
<DIV><FONT face=Arial size=2>So I modified the clints.conf file to
:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>client A.B.C.D {</FONT></DIV>
<DIV><FONT face=Arial size=2> secret =
somesecret</FONT></DIV>
<DIV><FONT face=Arial size=2> shortname =
max</FONT></DIV>
<DIV><FONT face=Arial size=2>
Ascend-Source-IP-Check[96]=1</FONT></DIV>
<DIV><FONT face=Arial size=2>}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>After change radius does not complains about the
new line but in debug output (radiusd -x -x) i cant see anything about this
durring user authentication.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Is my radius propertly configuerd to send
Ascend-Source-IP-Check ?</FONT></DIV>
<DIV><FONT face=Arial size=2>If yes how I can verify ?</FONT></DIV>
<DIV><FONT face=Arial size=2>If no how I can send this VSA from freeradius
?</FONT></DIV>
<DIV><FONT face=Arial size=2>Please not that we have cisco boxes also as
clients of free radius.</FONT></DIV>
<DIV><FONT face=Arial size=2>How I can enable anti-spoofing for cisco dial-up
users ?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>A. Lykiardopoulos</FONT></DIV></BODY></HTML>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic