Date: Sun, 18 Feb 2001 16:55:05 -0700
From: Wes Peters <wes@softweyr.com>
To: Brian Reichert <reichert@numachi.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Remote logging
Message-ID: <3A9060D9.65B47A4@softweyr.com>
References: <20010218170753.A85795@numachi.com>

Brian Reichert wrote:
>
> To develop this further: people trying to handle these issues have
> _multiple_ networks. Each important (public) host has two NICs
> and is on both.
>
> The loghost is on that private 'administrative' network, and is
> locked down to death. Along with any terminal servers, backup
> servers, etc. These are machines that are the support structure
> of your LAN. If you allow logins at all, you would have in place
> strict access controls.
>
> Mind you, if one of the dual-homed hosts gets compromised, then
> the attacker could take steps to congest that administrative network,
> or congest the loghost. That's where an adaptive switch comes in,
> however you implement that.

You don't even necessarily have to compromise one of the dual-homed
hosts. Remember the multicast SYN attack? It would flood RSTs onto
all attached networks on each box that came under attack. That code
is a lot stronger now, but I have no doubt somebody will someday find
another similar attack.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
