[AusNOG] Draytek 130 blank username/passwords

Dobbins, Roland Roland.Dobbins at netscout.com
Tue Jun 22 20:18:31 EST 2021

> On 22 Jun 2021, at 14:12, Benjamin Ricardo <ben.ricardo at acs.com.au> wrote:
> I was hoping to get an indication from other providers on how they handle these “blank” authentications hitting their radius servers and whether this is a wide spread problem as it became a huge problem for us.

How many pps are these devices generating, in aggregate, for each of the Radius servers they’re pummeling?  If it’s a relatively low value, perhaps upgrading the Radius servers is in order?

Is there maybe a packet-size classifier hook you could use to filter out the empty requests vs. legitimate ones which include credentials?

If you’ve some kind of device which allows packet filtering with sufficient capacity to handle the load, and sufficient granularity to filter out the blank authentication requests whilst allowing useful ones through, that might also be an option.

Roland Dobbins <roland.dobbins at netscout.com>

More information about the AusNOG mailing list