On 15 Apr 2014, at 21:55, Jason Watts jwa...@pratt.edu wrote:
Thanks for the clarification.
FreeRADIUS 2.2.5 and 3.0.3 will contain heartbleed attack detection
code which will not only prevent an attack, but also produce explicit
log output indicating it was attempted.
It has been confirmed
Bad math... 10 out of 180 is more than 5% !
Sorry!
On Apr 15, 2014, at 1:16 PM, Hanset, Philippe C phan...@utk.edu wrote:
All,
We have been informing eduroam connected schools in the US that were
vulnerable
to heartbleed (about 10 schools were vulnerable out of 180 connected to
I'm not sure it's common that clients speak directly to a radius server.
Usually there is a NAS in between whether it be VPN concentrator,
switch, wireless controller/AP etc. If your clients reside on subnets
that have no visibility to the Radius server and NAS management subnets
then you'd
Jason,
Since the RADIUS server terminates the EAP session, it will be vulnerable to
the attack.
Philippe
On Apr 15, 2014, at 3:16 PM, Jason Watts jwa...@pratt.edu wrote:
I'm not sure it's common that clients speak directly to a radius server.
Usually there is a NAS in between whether it be
Thanks for the clarification.
--
Jason Watts
Pratt Institute, Academic Computing
Senior Network Administrator
Hanset, Philippe C wrote:
Jason,
Since the RADIUS server terminates the EAP session, it will be vulnerable to
the attack.
Philippe
On Apr 15, 2014, at 3:16 PM, Jason Watts