> Let's suppose that there is also an attacker
> (a disgruntled employee maybe?), who knows about this bug and decides to
> attack my FreeRadius servers, so he starts sending these
> specially crafted packets to each server and since the two servers have
> the same bug, both of them would die upon receiving these packets.

I suggest using a network-based firewall or even a kernel-based firewall to limit what IP addresses are allowed to talk to your RADIUS server. While it's not 100% perfect, it should at least limit your exposure to hosts you know about and hopefully trust.

Managing two platforms is very tough, especially given the flexibility FreeRadius gives you. Not all platforms will offer this. You'd be begging to put yourself in a situation where both platforms can't perform the same tasks the same way. (in my opinion)

Regards,
Jason P Hodges
Senior Network and Systems Architect

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
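
The firewall restriction suggested in the reply above, as an added example that is not part of the original message or of the FreeRADIUS project: a shell script that prints an iptables-restore fragment admitting RADIUS traffic only from known NAS addresses. The function names, the `RADIUS` chain name, the sample addresses and the use of the standard ports UDP 1812/1813 are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that admits RADIUS traffic
# only from listed NAS addresses. UDP 1812/1813 are the standard RADIUS
# auth/accounting ports (assumed; the thread does not name ports).

# valid_ipv4_cidr ADDR: succeeds only for a.b.c.d or a.b.c.d/len.
valid_ipv4_cidr() {
    addr=${1%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Digits and dots only, so the unquoted split below cannot glob.
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# radius_allowlist_rules NAS...: prints the fragment. Validates every entry
# first, so a typo produces no output (exit 1) rather than a partial list.
radius_allowlist_rules() {
    [ $# -gt 0 ] || { echo "no NAS addresses given" >&2; return 1; }
    for nas in "$@"; do
        valid_ipv4_cidr "$nas" || { echo "bad address: $nas" >&2; return 1; }
    done
    echo "*filter"
    echo ":RADIUS - [0:0]"
    # Only RADIUS ports enter the chain; other traffic is left untouched.
    echo "-A INPUT -p udp -m multiport --dports 1812,1813 -j RADIUS"
    for nas in "$@"; do
        echo "-A RADIUS -s $nas -j ACCEPT"
    done
    # Anything else aimed at the RADIUS ports is dropped before radiusd sees it.
    echo "-A RADIUS -j DROP"
    echo "COMMIT"
}

# Constructed sample NAS addresses (documentation ranges), not from the thread.
radius_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Review the printed fragment and merge it into the host's existing rules file before loading it with iptables-restore.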

