Message-ID: <3A9060D9.65B47A4@softweyr.com>
Date: Sun, 18 Feb 2001 16:55:05 -0700
From: Wes Peters
Organization: Softweyr LLC
To: Brian Reichert
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Remote logging
References: <20010218170753.A85795@numachi.com>

Brian Reichert wrote:
>
> To develop this further: people trying to handle these issues have
> _multiple_ networks.  Each important (public) host has two NICs
> and is on both.
>
> The loghost is on that private 'administrative' network, and is
> locked down to death.  Along with any terminal servers, backup
> servers, etc.  These are machines that are the support structure
> of your LAN.  If you allow logins at all, you would have in place
> strict access controls.
>
> Mind you, if one of the dual-homed hosts gets compromised, then
> the attacker could take steps to congest that administrative network,
> or congest the loghost.  That's where an adaptive switch comes in,
> however you implement that.

You don't even necessarily have to compromise one of the dual-homed hosts.
Remember the multicast SYN attack?  It would flood RSTs onto all attached
networks on each box that came under attack.  That code is a lot stronger
now, but I have no doubt somebody will someday find another similar attack.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                    Softweyr LLC
wes@softweyr.com                              http://softweyr.com/