date=2016-08-19 time=08:37:29 logid=0102038666 type=event subtype=user level=notice vd="root" logdesc="RADIUS accounting event" carrier_ep="32348956215" srcip=10.20.0.164 rsso_key="N/A" msg="RADIUS accounting event" acct_stat=Interim-Update
FG300B-7 # diag sniffer packet any "port 1813" 6 0 a
FG300B-7 # show full-configuration ips custom RADIUS-Acct-Update-Discard
# Custom IPS signature (attack_id 6461) that matches UDP packets to destination
# port 1813 (RADIUS accounting) whose payload contains the bytes 28 06 00 00 00 03.
# Read as a RADIUS attribute, those bytes are type 0x28 = 40 (Acct-Status-Type),
# length 6, value 3 (Interim-Update); this agrees with the
# acct_stat=Interim-Update event logged on this page.
# NOTE(review): the signature as shown has no offset or context qualifier, so it
# presumably matches these six bytes anywhere in the payload. Another attribute
# whose value happens to contain the same byte sequence would also be blocked -
# confirm against captured traffic before relying on it.
config ips custom
edit "RADIUS-Acct-Update-Discard"
set signature "F-SBID( --attack_id 6461; --name \"RADIUS.Acct-Update.Discard\"; --protocol udp; --dst_port 1813; --pattern \"|28 06 00 00 00 03|\"; )"
set severity medium
unset location
unset os
unset application
set protocol RADIUS
set status enable
set log enable
# Packet logging stores the matched packet together with the log entry.
set log-packet enable
# Matching packets are dropped rather than only logged.
set action block
# The comment field is empty; recording why accounting updates are discarded
# would help later reviewers of this policy.
set comment ''
next
end
FG300B-7 # show ips sensor Radius-test
# IPS sensor "Radius-test" with a single entry that references rule 6461, the
# attack_id of the custom signature RADIUS.Acct-Update.Discard shown on this page.
config ips sensor
edit "Radius-test"
config entries
edit 1
set rule 6461
set status enable
# Packet and attack-context logging keep the content of matched packets.
# RADIUS accounting payloads can carry subscriber identifiers (the event log on
# this page includes a carrier_ep value), so restrict access to these logs and
# bound their retention.
set log-packet enable
set log-attack-context enable
# Block is set on the sensor entry as well as on the signature itself.
set action block
next
end
next
end
FG300B-7 # show firewall interface-policy
# Interface policy 1: applies the "Radius-test" IPS sensor to traffic on port3
# with source "Rad-srv", any destination, and service "RADIUS".
# NOTE(review): the definitions of the "Rad-srv" address object and the "RADIUS"
# service are not shown here; verify that the service covers UDP 1813, otherwise
# the signature is never evaluated for accounting traffic.
# NOTE(review): a blocked accounting request gets no Accounting-Response, and a
# RADIUS client normally retransmits in that case (RFC 2866) - confirm the sender
# tolerates this without alarms or failover.
config firewall interface-policy
edit 1
# All traffic matching this policy is logged, not only IPS hits.
set logtraffic all
set interface "port3"
# Limiting the source to one address object keeps the block from affecting
# RADIUS traffic from other hosts on port3.
set srcaddr "Rad-srv"
set dstaddr "all"
set service "RADIUS"
set ips-sensor-status enable
set ips-sensor "Radius-test"
next
end
# Turns on IPS engine debug output with the argument 255; the lines that follow
# show a packet handled under policy:1 and a log request for attack_id=6461,
# which confirms the custom signature matched.
# NOTE(review): debug output is normally displayed only after
# "diagnose debug enable", which this transcript does not show. Once the
# signature is verified, turn debugging off again ("diagnose debug disable" /
# "diagnose debug reset") so it does not keep running on a production unit.
diag debug app ipsengine 255
FG300B-7 # L2 packet: vf:0 dev:12 view:1 policy:1 size:86
(xlr--1) log request 1
attack_id=6461 app=0 client=1 reversed=0 opaque=0x1
fds 6461
log ips 6461
(xlr--1) log request 2
handle a ring (count: 1)