From owner-freebsd-hackers  Mon Mar 11 23:18:55 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from artemis.drwilco.net (diana.drwilco.net [66.48.127.79])
	by hub.freebsd.org (Postfix) with ESMTP id 2893E37B41B
	for <freebsd-hackers@freebsd.org>; Mon, 11 Mar 2002 23:18:38 -0800 (PST)
Received: from ceres.drwilco.net (docwilco.xs4all.nl [213.84.68.230])
	by artemis.drwilco.net (8.11.6/8.11.6) with ESMTP id g2C7IWV75248
	(using TLSv1/SSLv3 with cipher DES-CBC3-SHA (168 bits) verified NO);
	Tue, 12 Mar 2002 02:18:34 -0500 (EST)
	(envelope-from drwilco@drwilco.net)
Message-Id: <5.1.0.14.0.20020312082838.029a6d38@mail.drwilco.net>
X-Sender: drwilco@mail.drwilco.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 12 Mar 2002 08:29:33 +0100
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
From: "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
Subject: Re: logging securelevel violations
Cc: freebsd-hackers@freebsd.org
In-Reply-To: <20020312003659.GH2388@hades.hell.gr>
References: <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net>
 <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

At 02:36 12-3-2002 +0200, Giorgos Keramidas wrote:
>On 2002-03-11 22:00, Rogier R. Mulhuijzen wrote:
> >
> > >I think this would be useful, but I would be concerned about the rate at
> > >which these messages could come when someone is actively attacking a
> > >system.
> > >Perhaps such messages could go through a rate limiter mechanism similar to
> > >that now used by the network interfaces.
> >
> > syslogd already has a "last message repeated N times"
>
>Rate limiting is still needed:
>
>         while true ;do
>                 echo "" > /dev/ad0
>                 echo "" > /dev/ad1
>         done
>
>This would cause syslogd to go nuts!

crw-r-----  2 root  operator  116, 0x00010002 Jan 20 03:13 /dev/ad0

Only if you're root.

         Doc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message