From owner-freebsd-security  Sat Jul 15  9:28: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id BBBAC37B5E2
	for <freebsd-security@FreeBSD.org>; Sat, 15 Jul 2000 09:28:02 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id MAA16004
	for <freebsd-security@FreeBSD.org>; Sat, 15 Jul 2000 12:28:00 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sat, 15 Jul 2000 12:28:00 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: freebsd-security@FreeBSD.org
Subject: syslog and stopping name lookup for remote logging
Message-ID: <Pine.NEB.3.96L.1000715122544.15043G-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Right now, I believe syslogd attached the hostname of the source of a
network-sourced log message.  Needless to say, this can be a disadvantage,
as DNS spoofing and IP spoofing are both easy, but IP spoofing can be
stopped at the border router, whereas DNS spoofing is just dumb.  I was
wondering if anyone had patches to force syslogd to use the IP address
instead? (-n or something)  If not, I'll go ahead and write them. 

Thanks!

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message