Page 1 of 1

pppoe - too many auth fail with strange username

Posted: 17 Feb 2018, 15:25
by rafael
RU -> pppoe - слишком много ошибок auth с странным именем пользователя
BR -> pppoe - muitas falhas de autenticação com usuário estranho.
.
.
RU -> Эта ошибка возникает, когда сервер загружен ~ 750 аутентифицированными клиентами.
EN -> This error occurs when the server is loaded with ~750 authenticated clients.
BR -> Este erro ocorre com ~750 clientes autenticados.
[root@caule ~]# ./HistoricoAccel
0Q4R63 a9elizianym: authentication failed
[2018-02-17 13:17:50]: info: ppp594: ^^janainag: authentication failed
[2018-02-17 13:17:51]: info: ppp705: genilsonds: authentication failed
ZUJQ? e9suelias: authentication failed
T5167 f3elizianym: authentication failed
0T5ZU0 d4janainag: authentication failed
[2018-02-17 13:17:54]: info: ppp756: ~ygenilsonds: authentication failed
S4JA1 d1janainag: authentication failed
[2018-02-17 13:17:57]: info: ppp225: a:E2IMUU8rCPIMNOQ81jehpJY3rRIDRcb::genilsonds: authentication failed
[2018-02-17 13:17:58]: info: ppp594: suelias: authentication failed
[2018-02-17 13:17:58]: info: ppp705: elizianym: authentication failed
[2018-02-17 13:18:00]: info: ppp705: ingridd: authentication failed
[2018-02-17 13:18:01]: info: ppp216: ~gsuelias: authentication failed
[2018-02-17 13:18:01]: info: ppp225: ~delizianym: authentication failed
[2018-02-17 13:18:02]: info: ppp705: ingridd: authentication failed
[2018-02-17 13:18:01]: info: ppp594: janainag: authentication failed
[2018-02-17 13:18:04]: info: ppp594: a:E2IMUU8rA1yHxY7n3lH6l7nN9XVajQM::suelias: authentication failed
[2018-02-17 13:18:04]: info: ppp216: a:E2IMUU8rdvuYkisd5bOCdLGgJwG3uvR::elizianym: authentication failed
[2018-02-17 13:18:04]: info: ppp225: ~Hjanainag: authentication failed
[2018-02-17 13:18:07]: info: ppp225: a:E2IMUU8rdnXTzk5PYtNY4F4mS52ihJR::janainag: authentication failed
^C[root@caule ~]#

Re: pppoe - too many auth fail with strange username

Posted: 19 Feb 2018, 18:47
by dimka88
Hi, strings numbers 5,6,7 don't have timestamp in accel-ppp.log?

Re: pppoe - too many auth fail with strange username

Posted: 20 Feb 2018, 09:49
by Dmitry
looks like some brute force or dos attack

Re: pppoe - too many auth fail with strange username

Posted: 06 Aug 2018, 13:32
by rafael
BR: O problema persiste, e agora o servidor está reiniciando.
RU: Проблема сохраняется, и теперь сервер перезагружается.
EN: The problem persists, and now the server is restarting.



accel-ppp.log
[2018-08-06 10:06:54]: info: ppp1345: connect: ppp1345 <--> pppoe(70:4F:57:47:C0:8D)
[2018-08-06 10:06:54]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "Valdineit"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "70:4F:57:47:C0:8D"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c6f"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:06:54]: info: ppp1345: recv [RADIUS(1) Access-Accept id=1 <Framed-Protocol PPP> <Framed-Compression Van-Jacobson-TCP-IP><Siscafé Recebimento-Envio "5500/1000"><Mikrotik Mikrotik-Rate-Limit "1000k/5500k 1200k/6600k 1100k/6050k 30/30 8 700k/3850k">]
[2018-08-06 10:06:54]: info: ppp1345: Valdineit: authentication succeeded
[2018-08-06 10:06:54]: warn: ppp1345: IPV6CP: discarding packet
[2018-08-06 10:06:54]: info: ppp1345: disconnected
[2018-08-06 10:06:55]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:06:56]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c70"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:06:57]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:06:57]: info: ppp1345: jennifer: authentication failed
[2018-08-06 10:06:57]: info: jennifer: authentication failed
[2018-08-06 10:06:57]: info: ppp1345: disconnected
[2018-08-06 10:06:57]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:06:57]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c71"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:06:58]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:06:58]: info: ppp1345: jennifer: authentication failed
[2018-08-06 10:06:58]: info: jennifer: authentication failed
[2018-08-06 10:06:58]: info: ppp1345: disconnected
[2018-08-06 10:06:58]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:06:58]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c72"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:06:59]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:06:59]: info: ppp1345: jennifer: authentication failed
[2018-08-06 10:06:59]: info: jennifer: authentication failed
[2018-08-06 10:06:59]: info: ppp1345: disconnected
[2018-08-06 10:06:59]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:06:59]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c73"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:00]: info: ppp714: disconnected
[2018-08-06 10:07:00]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:00]: info: ppp1345: jennifer: authentication failed
[2018-08-06 10:07:00]: info: jennifer: authentication failed
[2018-08-06 10:07:00]: info: ppp1345: disconnected
[2018-08-06 10:07:00]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:07:00]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c74"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:01]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:01]: info: ppp1345: jennifer: authentication failed
[2018-08-06 10:07:01]: info: jennifer: authentication failed
[2018-08-06 10:07:01]: info: ppp1345: disconnected
[2018-08-06 10:07:05]: info: ppp1345: connect: ppp1345 <--> pppoe(C8:E7:D8:6D:80:81)
[2018-08-06 10:07:05]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "escolamc"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C8:E7:D8:6D:80:81"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c75"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:05]: info: ppp145: connect: ppp145 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:07:06]: info: ppp145: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 145> <NAS-Port-Id "ppp145"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c76"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:06]: info: ppp1345: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:06]: info: ppp1345: escolamc: authentication failed
[2018-08-06 10:07:06]: info: escolamc: authentication failed
[2018-08-06 10:07:07]: info: ppp1346: send [RADIUS(1) Accounting-Request id=1 <User-Name "carinasm"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1346> <NAS-Port-Id "ppp1346"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C8:E7:D8:6D:BA:31"> <Called-Station-Id "fibra1"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "0000000000088c6a"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.17.243.99> <Framed-Interface-Id 0:0:0:0> <Framed-IPv6-Prefix 2804:2b0c:beba:578::/64>]
[2018-08-06 10:07:07]: info: ppp1346: recv [RADIUS(1) Accounting-Response id=1]
[2018-08-06 10:07:07]: info: ppp714: connect: ppp714 <--> pppoe(70:4F:57:47:C0:8D)
[2018-08-06 10:07:07]: info: ppp714: send [RADIUS(1) Access-Request id=1 <User-Name "Valdineit"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 714> <NAS-Port-Id "ppp714"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "70:4F:57:47:C0:8D"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c77"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:07]: info: ppp714: recv [RADIUS(1) Access-Accept id=1 <Framed-Protocol PPP> <Framed-Compression Van-Jacobson-TCP-IP><Siscafé Recebimento-Envio "5500/1000"><Mikrotik Mikrotik-Rate-Limit "1000k/5500k 1200k/6600k 1100k/6050k 30/30 8 700k/3850k">]
[2018-08-06 10:07:07]: info: ppp714: Valdineit: authentication succeeded
[2018-08-06 10:07:07]: warn: ppp714: IPV6CP: discarding packet
[2018-08-06 10:07:07]: info: ppp714: disconnected
[2018-08-06 10:07:07]: info: ppp145: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:07]: info: ppp145: jennifer: authentication failed
[2018-08-06 10:07:07]: info: jennifer: authentication failed
[2018-08-06 10:07:07]: info: ppp145: disconnected
[2018-08-06 10:07:07]: info: ppp145: connect: ppp145 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:07:07]: info: ppp145: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 145> <NAS-Port-Id "ppp145"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c78"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:07]: info: ppp1345: disconnected
[2018-08-06 10:07:07]: info: ppp1345: connect: ppp1345 <--> pppoe(58:10:8C:88:E5:BD)
[2018-08-06 10:07:08]: info: ppp1345: send [RADIUS(1) Access-Request id=1 <User-Name "gabrielf"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:88:E5:BD"> <Called-Station-Id "fibra1"> <Acct-Session-Id "0000000000088c79"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:08]: info: ppp1345: recv [RADIUS(1) Access-Accept id=1 <Framed-Protocol PPP> <Framed-Compression Van-Jacobson-TCP-IP><Siscafé Recebimento-Envio "11000/2000"><Mikrotik Mikrotik-Rate-Limit "2000k/11000k 2400k/13200k 2200k/12100k 30/30 8 1400k/7700k">]
[2018-08-06 10:07:08]: info: ppp1345: gabrielf: authentication succeeded
[2018-08-06 10:07:08]: info: ppp1345: send [RADIUS(1) Accounting-Request id=1 <User-Name "gabrielf"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 1345> <NAS-Port-Id "ppp1345"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:88:E5:BD"> <Called-Station-Id "fibra1"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "0000000000088c79"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.17.243.104> <Framed-Interface-Id 5a10:8cff:fe88:e5bd> <Framed-IPv6-Prefix 2804:2b0c:beba:57d::/64>]
[2018-08-06 10:07:08]: info: ppp1345: recv [RADIUS(1) Accounting-Response id=1]
[2018-08-06 10:07:08]: info: ppp145: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:08]: info: ppp145: jennifer: authentication failed
[2018-08-06 10:07:08]: info: jennifer: authentication failed
[2018-08-06 10:07:08]: info: ppp145: disconnected
[2018-08-06 10:07:08]: info: ppp145: connect: ppp145 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:07:08]: info: ppp714: connect: ppp714 <--> pppoe(C8:E7:D8:6D:80:81)
[2018-08-06 10:07:08]: info: ppp714: send [RADIUS(1) Access-Request id=1 <User-Name "2:BMPNC1Cp"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 714> <NAS-Port-Id "ppp714"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C8:E7:D8:6D:80:81"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c7b"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:08]: info: ppp145: send [RADIUS(1) Access-Request id=1 <User-Name "jennifer"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 145> <NAS-Port-Id "ppp145"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "58:10:8C:92:AC:20"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c7a"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:09]: info: ppp714: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:09]: info: ppp714: 2:BMPNC1Cp: authentication failed
[2018-08-06 10:07:09]: info: 2:BMPNC1Cp: authentication failed
[2018-08-06 10:07:09]: info: ppp145: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:09]: info: ppp145: jennifer: authentication failed
[2018-08-06 10:07:09]: info: jennifer: authentication failed
[2018-08-06 10:07:09]: info: ppp145: disconnected
[2018-08-06 10:07:09]: info: ppp145: connect: ppp145 <--> pppoe(58:10:8C:92:AC:20)
[2018-08-06 10:07:09]: info: ppp145: disconnected
[2018-08-06 10:07:10]: info: ppp714: disconnected
[2018-08-06 10:07:11]: info: ppp714: connect: ppp714 <--> pppoe(C0:25:E9:98:1E:C1)
[2018-08-06 10:07:11]: info: ppp714: send [RADIUS(1) Access-Request id=1 <User-Name "santos souza"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 714> <NAS-Port-Id "ppp714"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C0:25:E9:98:1E:C1"> <Called-Station-Id "fibra1.4004"> <Acct-Session-Id "0000000000088c7d"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:11]: info: ppp145: connect: ppp145 <--> pppoe(C8:E7:D8:6D:80:81)
[2018-08-06 10:07:11]: info: ppp145: send [RADIUS(1) Access-Request id=1 <User-Name "^^escolamc"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 145> <NAS-Port-Id "ppp145"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C8:E7:D8:6D:80:81"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c7e"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:12]: info: ppp714: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:12]: info: ppp714: santos souza: authentication failed
[2018-08-06 10:07:12]: info: santos souza: authentication failed
[2018-08-06 10:07:12]: info: ppp714: disconnected
[2018-08-06 10:07:12]: info: ppp145: recv [RADIUS(1) Access-Reject id=1]
[2018-08-06 10:07:12]: info: ppp145: ^^escolamc: authentication failed
[2018-08-06 10:07:12]: info: ^^escolamc: authentication failed
[2018-08-06 10:07:13]: info: ppp145: disconnected
[2018-08-06 10:07:14]: info: ppp145: connect: ppp145 <--> pppoe(C8:E7:D8:6D:80:81)
0`UA*. f8escolamc"> <NAS-Identifier "caule"> <NAS-IP-Address 127.0.0.1> <NAS-Port 145> <NAS-Port-Id "ppp145"> <NAS-Port-Type Virtual> <Service-Type Framed-User> <Framed-Protocol PPP> <Calling-Station-Id "C8:E7:D8:6D:80:81"> <Called-Station-Id "fibradez4.3961"> <Acct-Session-Id "0000000000088c7f"> <CHAP-Challenge > <CHAP-Password >]
[2018-08-06 10:07:15]: info: ppp145: recv [RADIUS(1) Access-Reject id=1]
0`UA*. f8escolamc: authentication failed
0`UA*. f8escolamc: authentication failed
[2018-08-06 10:07:16]: info: ppp145: disconnected


htop:
Image

http://ap.imagensbrasil.org/image/nbRBtY

Re: pppoe - too many auth fail with strange username

Posted: 08 Aug 2018, 03:42
by dimka88
Hi, do you have segfault messages in /var/log/syslog or /var/messages?