From owner-freebsd-isp Wed Apr 10 5:22: 1 2002 Delivered-To: freebsd-isp@freebsd.org Received: from atlantis.dp.ua (atlantis.dp.ua [193.108.46.1]) by hub.freebsd.org (Postfix) with ESMTP id 0215B37B405 for ; Wed, 10 Apr 2002 05:21:55 -0700 (PDT) Received: from localhost (dmitry@localhost) by atlantis.dp.ua (8.11.1/8.11.1) with ESMTP id g3ACLfs74310 for ; Wed, 10 Apr 2002 15:21:42 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Wed, 10 Apr 2002 15:21:40 +0300 (EEST) From: Dmitry Pryanishnikov To: Subject: Re: [OT] All-in-one server In-Reply-To: <20020410075427.E77771-100000@cagelink.com.lucky.freebsd.isp> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! On Wed, 10 Apr 2002, Tyler wrote: > I don't use it so I wouldn't know about any exploits, but the newest > version is 0.18.1 and I dunno what version is in ports. > > On Tue, 9 Apr 2002, Alan Clegg wrote: > > > Unless the network is lying to me again, Tyler said: > > > > > ICRADIUS uses a web-interface and a MySQL backend. > > > > From the port Makefile: > > > > FORBIDDEN= "Remotely exploitable buffer overflow" IMHO, one can safely use it if he guard RADIUS UDP ports (old pair 1646/1646, new 1812/1813) against side traffic using the firewall. Don't forget about IP address spoofing: receive packets only from NASes and filter out such a packets on all other interfaces (including clients, of course!). Sincerely, Dmitry Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message