Hi All, Hopefully a quick one, I am on FreeRADIUS v3.2.1 so have implemented the recommended steps into my server to mitigate BlastRADIUS attacks (however unlikely) by adding the below into my default and inner-tunnel servers: authorize { if (!EAP-Message) { update reply { Message-Authenticator := 0x00 } } ... Since I am using EAPTTLS/PAP, surely I am not susceptible to BlastRADIUS since the PAP traffic is within a TLS tunnel? Or have I misunderstood? The RADIUS also only communicates locally so not over the internet. Furthermore after implementing the aforementioned change, nothing seems to have changed in the debug log. Should I see a difference between the debugs before implementing this change and after? Kind regards, Connor