Date: Mon, 15 Apr 2002 11:24:35 -0400 From: The Anarcat <anarcat@anarcat.dyndns.org> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Andrew Johns <johnsa@kpi.com.au>, Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>, freebsd-security@FreeBSD.ORG Subject: Re: General Rate-limiting in syslog(3) (was: Limiting closed port RST response from 381 to 200 p) Message-ID: <20020415152435.GB302@lenny.anarcat.dyndns.org> In-Reply-To: <14272.1018884275@axl.seasidesoftware.co.za> References: <20020415151422.GA302@lenny.anarcat.dyndns.org> <14272.1018884275@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
--gj572EiMnwbLXET9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon Apr 15, 2002 at 05:24:35PM +0200, Sheldon Hearn wrote: >=20 > On Mon, 15 Apr 2002 11:14:22 -0400, The Anarcat wrote: >=20 > > Actually, what I would like would be a generic rate-limiting facility > > in syslog(3) itself. That would make DOS much harder. >=20 > There already is; that's what my patch relies on. It's just that > syslog's rate-limiting relies on messages being identical. >=20 > Anything more complicated is probably going to involve a new API, which > is probably more than what's required here. Yes, of course, you're right. I guess then that it doesn't belong to syslog(3). There is indeed an API and it does its job pretty well. I think it therefore belongs to ipfw to do this kind of rate-limiting, and on a per-rule base, it would be fantastic. I guess I'll need to take another look at ipfw's source, again. :) A. --=20 The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place. - Douglas Adams (1952-2001) --gj572EiMnwbLXET9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjy68LIACgkQttcWHAnWiGcIUwCghW6ajl+Det4rlpHiLKfoxrjl d0YAoJdSnQMOrUTjsoSqal+QMxu1Hdx+ =49OC -----END PGP SIGNATURE----- --gj572EiMnwbLXET9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020415152435.GB302>