'Re: [EXTERNAL] How mitigate mac spoofing in mab'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: [EXTERNAL] How mitigate mac spoofing in mab
From:       Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date:       2019-02-26 3:12:36
Message-ID: B8AEEDF0-8089-41C2-82E5-CC4C3890C502 () freeradius ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


> On Feb 9, 2019, at 1:58 AM, Carlos Bordon <cgermanb@live.com.ar> wrote:
> 
> 
> The second thing you can do is on the FreeRADIUS side, which is to use a Simultaneous Use
> database to prevent MAB requests from different ports at near the same time
> from being accepted.  However, this can be problematic.  If you are updating the
> Simultaneous Use database based on edge switch Accounting packets, then the
> edge switch may leave stale sessions open and continue to send updates after a host
> is unplugged and moved by the user to another port... especially if a minihub has
> been attached to the network and the link stays up.  Then when the user gets to the
> place they have moved, they cannot get on the network because Simultaneous Use
> thinks they are an imposter.
> 
> this is great!
> how can I do this?

So you read all the caveats and ways it can break and you're still enthusiastic? I feel for your users.

-Arran

["signature.asc" (signature.asc)]

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE6VbEmJeQrF8361hu/6TVgp+218oFAlx0rqQACgkQ/6TVgp+2
18pe2w//RVH15cSEmDfQv0khh22wSBzIywNoPwmzZVRxhZLXwaKttnnbtOhrCOPJ
OY6+StITOtHXc5YtXH76E3SLfR66QWkDSA6tyrKVYAuuOKlITid5YTVJsfmS4ZFq
/N2pQ6cFK1qFPSvgVyom1VlPrRViBp0TSUGb8KpEuWubCn5NRFOUVNia+QmvsSl4
Y55Av1lbyymxasIjxGDTlxDykSQHEwHCsvsCYQiPWik3NmyWkyC2Z6hw5vIGoAjg
eSwHnyyvetpiKzzPfZqcOCv7zGozKqd2hErS1n7IBqFfKoXlWUe91+RYmt/qxtrM
SYpBRDmPm2X0aF0V7hZKrdIvMNnWRQHu6LfUkvhit46MuyhJ7S05fPxqoU7dSmHK
0pjT1dr3Joh4rig1oo90RjBMXpTnp6ZVtlPcVWA2L5myhLhLZN+dyWSgF7OOgj4o
rOsCVom6R2OXgnnnszU865Asz0qy5/WMXovJZBXj2grmrQs48f+sl+CBnU1u9jqe
dnZC4765Pj43XS+jDTFCs1RjHO28fDGFqZ8fWPsOL4m3BB5zkDbzd2dbuvIzGVaS
IsxP8UzfF+BgPl6fxnZB94rSlctEY+V4y2VgQIImriNFx5ZATVIcBU+U9quQMhh/
MLPEyOBnWyZBZZ5JHgKn3LCxCZtbtQdPTUJRk5dc4onv1LLvdMk=
=67oV
-----END PGP SIGNATURE-----

[Attachment #6 (text/plain)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic