Ascend Archive

(ASCEND) Couple ideas on how to filter spoofed addresses on Maxen




ObVendorComplaint:  There should be a "no spoofing" flag.  The first
vendor to create one is also the next vendor to get my business.

There appear to be a couple easy ways to do this at the ISP end, the 
first sending back a data filter attribute like "ip in forward srcip 
1.2.3.4/32" along with the authentication (you replace the 1.2.3.4 with
the Framed-Address the max sends you with the authentication).  I seem to 
have successfully hacked abinary support into Livingston radius 2.0, I 
might give that a shot first.

Another way is to enable the radius server on the max, and use the cexample
program to send a filter to each user after logging in.  I've hacked the
/etc/raddb/online stuff into Livingston radius 2.0, it would be a simple
matter to have a cron job look there every 5 minutes and add filters to
anyone who has recently logged in.  Even with the esva hacks, you could
probably get a list of active ip addresses/users via SNMP and loop
through them one at a time.  Cexample works like this...

./cexample -H yourmax -K topsecret -P 1700 -i 1.2.3.4 -d "ip in forward srcip 1.2.3.4/32"

Has anyone implemented either technique?  On any platform?  We have 
Maxen, Portmaster, and both flavors of USR chassis here, so any idea
on how to do the same for them would be welcome.

-- 
Aaron Nabil
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
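An added example of the second technique described in the post (not code from the post or from Ascend/Livingston): it reads a constructed "online"-style table of active sessions, turns each fixed Framed-Address into the per-user "srcip X/32" data filter, and builds the cexample command line with the flags quoted above. The table layout (user, port, address) and the hostnames are assumptions; the RFC 2865 sentinel addresses 255.255.255.254/255 mean the address was negotiated rather than assigned, so no filter is built for them.

```python
"""Per-user anti-spoofing filters: one 'srcip X/32' per active session,
so the MAX only forwards inbound packets sourced from the address it assigned."""
import ipaddress
import shlex
from typing import Dict, List, Optional, Tuple

# RFC 2865 Framed-IP-Address sentinels: address negotiated, not fixed by RADIUS.
RADIUS_SENTINELS = {"255.255.255.254", "255.255.255.255"}

# Constructed sample of an "online" table (assumed layout): user, port, Framed-Address.
SAMPLE_ONLINE = """\
alice   1  10.1.2.3
bob     2  255.255.255.254
carol   3  not-an-ip
dave    4  10.1.2.5
"""

def make_filter(framed_addr: str) -> Optional[str]:
    """Return the Ascend data-filter string for one assigned address, or None
    when the address is not a fixed, forwardable IPv4 host address."""
    if framed_addr in RADIUS_SENTINELS:
        return None
    try:
        addr = ipaddress.IPv4Address(framed_addr)
    except ipaddress.AddressValueError:
        return None
    if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
        return None
    return f"ip in forward srcip {addr}/32"

def parse_online(text: str) -> List[Tuple[str, int, str]]:
    """Parse the constructed online table; malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].isdigit():
            rows.append((parts[0], int(parts[1]), parts[2]))
    return rows

def cexample_commands(online_text: str, host: str, secret: str,
                      port: int = 1700) -> Dict[str, List[str]]:
    """Map each user with a usable address to the cexample argv that would push
    the filter (flags as quoted in the post). Commands are built, not executed."""
    cmds = {}
    for user, _nas_port, framed in parse_online(online_text):
        flt = make_filter(framed)
        if flt is not None:
            cmds[user] = ["./cexample", "-H", host, "-K", secret,
                          "-P", str(port), "-i", framed, "-d", flt]
    return cmds

if __name__ == "__main__":
    for user, argv in cexample_commands(SAMPLE_ONLINE, "yourmax", "topsecret").items():
        print(user, shlex.join(argv))
```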

