> a) how would we identify the attack is taking place?
Im sure you are logging these events to a system log and they would look
like:
pma user: host ams.com admin login failed
(last message repeated 2 times)
You can only have 3 tries before it kicks you out.
> b) is it possible to stop it?
Of course...many ways but the EASIEST way is to set up an ifilter to block
any telnets OTHER than from SPECIFIC ip addresses.
And you can do the same thing for pmconsole (port 1643)
> c) Isn't the !root user a portmaster user and NOT a radius user?
Yes but again, just block incoming telnets to the port master with a
filter. Ive done it on customer's routers since nobody except our ROOT
server should be getting on there...
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Jake Messinger ph:713-772-6690 Lucent Dealer
AMS, Inc. fx:713-774-3498 Medical Billing
8300 Bissonnet #400 jake@ams.com Internet Services
Houston, Texas 77074 www.ams.com/~jake Business Management
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>