Re: (PM) Security glitch in COMOS (fwd)

Roy (garlic@garlic.com)
Mon, 17 Nov 1997 04:06:01 -0800

I will pursue the RFE with support. Security should work the same
between the logon prompt and PAP.

I wouldn't expect radius accounting to log attempts. It's much easier to
have the authenticating code do the logging. It's a one-word change to
have radius write the attempts to syslog.

Any good security system will do logging of all attempts (good and bad)
as well as inhibiting a systematic attack.

To the ISPs reading this, you probably have already been broken into and
someone is using your customer's accounts for free access.

Roy

MegaZone wrote:
>
> Once upon a time Roy shaped the electrons to say...
> >Someone is trying to break in by trying userid/password combinations.
> >COMOS seems to disconnect after three invalid tries when using the logon
> >prompt but this does not happen with PAP.
>
> Normally in PPP you make a best effort at convergence, as long as the
> client is willing to try you work with it. If you want this behavior
> changed I would talk to support about an RFE.
>
> >Also note that Radius 2.01 will not log these attempts. This error is
>
> RADIUS accounting is not meant to be used in this manner. It logs
> successful connections only, not attempts. It is not supposed to log
> attempts. Logging failed attempts is beyond the scope of RADIUS accounting,
> and would cause trouble for existing tools. RADIUS provides debugging (as
> you are using) to look at other things - like attempts.
>
> -MZ
> --
> Livingston Enterprises - Chair, Department of Interstitial Affairs
> Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110 megazone@livingston.com
> For support requests: support@livingston.com <http://www.livingston.com/>
> Snail mail: 4464 Willow Road, Pleasanton, CA 94588
> -
> To unsubscribe, email 'majordomo@livingston.com' with
> 'unsubscribe portmaster-users' in the body of the message.
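
An added example, not part of the original messages and not COMOS or Livingston RADIUS code: a sketch of the behaviour asked for above, where the three-try limit and the logging of every attempt (good and bad) apply to PAP exactly as they do to the logon prompt. The `Session` class, the user table and the log line format are assumptions constructed for illustration.

```python
import hmac
import logging

MAX_FAILURES = 3  # the limit the thread reports for the logon prompt

# Constructed sample credentials (hypothetical), standing in for a user file.
USERS = {"alice": "correct-horse"}


def check_password(user, password):
    """Constant-time comparison against the constructed user table."""
    expected = USERS.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


class Session:
    """One dial-in session; the same failure limit covers every auth method."""

    def __init__(self, port, log=logging.getLogger("auth").warning):
        self.port = port
        self.failures = 0
        self.closed = False
        self.log = log

    def attempt(self, method, user, password):
        """Return 'accept', 'reject' or 'disconnect'; each attempt is logged."""
        if self.closed:
            return "disconnect"  # line already dropped, nothing more to check
        ok = check_password(user, password)
        if ok:
            verdict = "accept"
        else:
            self.failures += 1
            self.closed = self.failures >= MAX_FAILURES
            verdict = "disconnect" if self.closed else "reject"
        # Log the outcome for good and bad attempts; never log the password.
        self.log(f"auth port={self.port} method={method} user={user!r} "
                 f"result={'ok' if ok else 'fail'} "
                 f"failures={self.failures} action={verdict}")
        return verdict


def replay(attempts, port="S0"):
    """Feed (method, user, password) tuples to one session."""
    lines = []
    session = Session(port, log=lines.append)
    return [session.attempt(*a) for a in attempts], lines
```
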