From owner-freebsd-security  Tue Oct  5 18:59:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail-gw.pacbell.net (mail-gw.pacbell.net [206.13.28.25])
	by hub.freebsd.org (Postfix) with ESMTP id 8537B14C94
	for <freebsd-security@freebsd.org>; Tue,  5 Oct 1999 18:59:13 -0700 (PDT)
	(envelope-from madscientist@thegrid.net)
Received: from remus (adsl-63-193-246-169.dsl.snfc21.pacbell.net [63.193.246.169])
	by mail-gw.pacbell.net (8.9.3/8.9.3) with SMTP id SAA16315
	for <freebsd-security@freebsd.org>; Tue, 5 Oct 1999 18:57:08 -0700 (PDT)
Message-Id: <4.1.19991005185332.009763d0@mail.thegrid.net>
X-Sender: i289861@mail.thegrid.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Tue, 05 Oct 1999 18:54:25 -0700
To: freebsd-security@freebsd.org
From: The Mad Scientist <madscientist@thegrid.net>
Subject: Re: Syslog over serial
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 07:27 AM 10/5/99 +0200, you wrote: 
>> Great, thanks. What about connecting a few machines to a central logging 
>> server with this setup? Will I have to get a board for the logging server 
>> with a number of parallel ports? Can I get whatever hardware that is used 
>> to hook up multiple printers to a single machine? 
> 
>Well the idea is quite good, but dangerous! 
> 
>The intention to send syslog over a serial line is not to have an IP 
>connection betwen the sender (normaly a server in a dmz) and a logging host. 
>So if you establish a p-t-p IP connection, it's easier to use an ethernet 
>wire ... just to keep in mind. 
> 
> Randolf
I figured all the normal rules of tcp/ip applied to a ptp connection over 
parallel. This means that I've created a connection across my inner 
firewall. I suppose one solution would be to run ipfw on the logging host 
and allow only udp-port-514-traffic in. Of course, I might as well be 
using ethernet. ^_^ Parallel lines add some protection from snooping 
though. Perhaps encrypted syslog is a better alternative. (I remember the 
pseudo-flame wars over secure syslog a few months ago. I'll go troll the 
archives) 
Thanks to all who replied (but don't let this email discourage you from 
putting in your thoughts about running syslog over serial lines.) 
-Dean 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message