From owner-freebsd-security  Mon Apr 15  8:21:37 2002
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP id 6E1B437B404
	for <freebsd-security@freebsd.org>; Mon, 15 Apr 2002 08:21:28 -0700 (PDT)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 16x8LL-0003iD-00; Mon, 15 Apr 2002 17:24:35 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: The Anarcat <anarcat@anarcat.dyndns.org>
Cc: Andrew Johns <johnsa@kpi.com.au>,
	Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>,
	freebsd-security@FreeBSD.ORG
Subject: Re: General Rate-limiting in syslog(3) (was: Limiting closed port RST response from 381 to 200 p) 
In-reply-to: Your message of "Mon, 15 Apr 2002 11:14:22 -0400."
             <20020415151422.GA302@lenny.anarcat.dyndns.org> 
Date: Mon, 15 Apr 2002 17:24:35 +0200
Message-ID: <14272.1018884275@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org



On Mon, 15 Apr 2002 11:14:22 -0400, The Anarcat wrote:

> Actually, what I would like would be a generic rate-limiting facility
> in syslog(3) itself. That would make DOS much harder.

There already is; that's what my patch relies on.  It's just that
syslog's rate-limiting relies on messages being identical.

Anything more complicated is probably going to involve a new API, which
is probably more than what's required here.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message