From: The Anarcat
To: Sheldon Hearn
Cc: Andrew Johns, Christoph Kukulies, freebsd-security@FreeBSD.ORG
Date: Mon, 15 Apr 2002 11:24:35 -0400
Subject: Re: General Rate-limiting in syslog(3) (was: Limiting closed port RST response from 381 to 200 p)
Message-ID: <20020415152435.GB302@lenny.anarcat.dyndns.org>
In-Reply-To: <14272.1018884275@axl.seasidesoftware.co.za>
References: <20020415151422.GA302@lenny.anarcat.dyndns.org> <14272.1018884275@axl.seasidesoftware.co.za>
User-Agent: Mutt/1.3.27i

On Mon Apr 15, 2002 at 05:24:35PM +0200, Sheldon Hearn wrote:
>
> On Mon, 15 Apr 2002 11:14:22 -0400, The Anarcat wrote:
>
> > Actually, what I would like would be a generic rate-limiting facility
> > in syslog(3) itself. That would make DoS much harder.
>
> There already is; that's what my patch relies on. It's just that
> syslog's rate-limiting relies on messages being identical.
>
> Anything more complicated is probably going to involve a new API, which
> is probably more than what's required here.

Yes, of course, you're right. I guess then that it doesn't belong to
syslog(3). There is indeed an API and it does its job pretty well.

I think it therefore belongs to ipfw to do this kind of rate-limiting,
and on a per-rule basis, it would be fantastic.

I guess I'll need to take another look at ipfw's source, again. :)

A.

-- 
The idea that Bill Gates has appeared like a knight in shining armour to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he who, by peddling second-rate technology, led
them into it in the first place.
 - Douglas Adams (1952-2001)
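Added illustration of the distinction the thread turns on (editor's example, not code from the thread or from FreeBSD): syslogd's "last message repeated N times" suppression only collapses byte-identical consecutive lines, so a flood whose lines differ in one field fills the log unhindered, whereas a per-rule token bucket of the kind the reply wishes for in ipfw caps volume regardless of message content. The log lines, rule number and bucket parameters are constructed, and the token bucket is a hypothetical design, not ipfw's real mechanism.

```python
from collections import defaultdict
from fractions import Fraction


def syslogd_dedup(messages):
    """Model of syslogd's 'last message repeated N times' suppression: a
    line is swallowed only if it is identical to the previous line."""
    out, last, repeats = [], None, 0
    for msg in messages:
        if msg == last:
            repeats += 1
            continue
        if repeats:
            out.append(f"last message repeated {repeats} times")
        out.append(msg)
        last, repeats = msg, 0
    if repeats:
        out.append(f"last message repeated {repeats} times")
    return out


def per_rule_limit(events, rate, burst):
    """Hypothetical per-rule token bucket (not ipfw's real mechanism): each
    rule may log `burst` lines at once, then `rate` lines per second.
    events: (timestamp_seconds, rule_number, message)."""
    buckets = {}  # rule -> (tokens, last timestamp); Fraction keeps it exact
    emitted, dropped = [], defaultdict(int)
    for now, rule, msg in events:
        tokens, last = buckets.get(rule, (Fraction(burst), now))
        tokens = min(Fraction(burst), tokens + (now - last) * rate)
        if tokens >= 1:
            emitted.append(msg)
            tokens -= 1
        else:
            dropped[rule] += 1
        buckets[rule] = (tokens, now)
    return emitted, dict(dropped)


# Constructed sample, not real ipfw output: 1000 probes within one second
# against a closed port, each line differing only in the source port.
FLOOD = [(Fraction(i, 1000), 100,
          f"rule 100: deny TCP 198.51.100.7:{40000 + i} -> 10.0.0.1:22")
         for i in range(1000)]
SAME = ["rule 100: deny TCP 198.51.100.7:40000 -> 10.0.0.1:22"] * 1000


def compare():
    """Lines reaching the log under each scheme for the two floods."""
    return {
        "dedup_identical": len(syslogd_dedup(SAME)),
        "dedup_varying": len(syslogd_dedup([m for _, _, m in FLOOD])),
        "bucket_varying": len(per_rule_limit(FLOOD, rate=10, burst=100)[0]),
    }
```

With these parameters the identical flood collapses to 2 lines, the varying flood passes dedup untouched (1000 lines), and the bucket lets through 109 lines (the 100-line burst plus roughly ten per second of refill), dropping the rest.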