From owner-freebsd-security  Tue Feb 20 10:31:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id EF82F37B401
	for <freebsd-security@freebsd.org>; Tue, 20 Feb 2001 10:31:34 -0800 (PST)
	(envelope-from cjc@rfx-216-196-73-168.users.reflexcom.com)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Tue, 20 Feb 2001 10:29:36 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f1KIVQO77935;
	Tue, 20 Feb 2001 10:31:26 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 20 Feb 2001 10:31:26 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Daniel Hagan <dhagan@colltech.com>
Cc: "Edward W. M." <edward_wm@hotmail.com>, fbsdsec@killaz-r-us.com,
	freebsd-security@FreeBSD.ORG
Subject: Re: Fw: Remote logging
Message-ID: <20010220103126.A77883@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <LC4-LFD3tgx8VUkRacU0000021d@hotmail.com> <3A91EE6A.82EBBC37@colltech.com> <20010219232503.T62368@rfx-216-196-73-168.users.reflex> <3A9247FD.F6C68145@colltech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3A9247FD.F6C68145@colltech.com>; from dhagan@colltech.com on Tue, Feb 20, 2001 at 05:33:33AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Feb 20, 2001 at 05:33:33AM -0500, Daniel Hagan wrote:
> "Crist J. Clark" wrote:
> > On Mon, Feb 19, 2001 at 11:11:22PM -0500, Daniel Hagan wrote:
> > > You need
> > > MACs to prevent forging, which isn't available in the default syslog.
> > 
> > MACs can be easily forged by local machines. MAC information is not
> > normally accessible to programs anyway. You could not use "regular"
> > UDP socket programming. Crypto or physical security is the only
> > practical way to secure locally. And since crypto also works
> > remotely...
> 
> MAC == Message Authentication Code in the above paragraph.  I'm not sure
> if that's how you read it or not (were you thinking 802.3?).

I was reading Media Access Control address. Sorry, I was wa-ay off.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message