From owner-freebsd-current  Fri Apr 12 08:55:28 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA14080
          for current-outgoing; Fri, 12 Apr 1996 08:55:28 -0700 (PDT)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA14071
          for <current@FreeBSD.org>; Fri, 12 Apr 1996 08:55:26 -0700 (PDT)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with SMTP id IAA14067; Fri, 12 Apr 1996 08:54:47 -0700 (PDT)
Message-Id: <199604121554.IAA14067@precipice.shockwave.com>
To: Poul-Henning Kamp <phk@critter.tfs.com>
cc: current@FreeBSD.org
Subject: Re: log_in_vain stuff 
In-reply-to: Your message of "Tue, 09 Apr 1996 21:05:34 -0000."
             <9391.829083934@critter.tfs.com> 
Date: Fri, 12 Apr 1996 08:54:46 -0700
From: Paul Traina <pst@shockwave.com>
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk


  From: Poul-Henning Kamp <phk@critter.tfs.com>
  Subject: Re: log_in_vain stuff 
  > Poul,
  > Sorry to unilaterally change your defaults on you,  but you just created
  > a security problem with the log in vain stuff.
  
  I have been out of town for a couple of days, it's OK.
  
  > You need to figure out a way to rate-limit these messages, otherwise you
  > can trivially knock a box into the ground with a packet generator.
  syslogd should rate-limit, not the kernel.

1. syslogd is not smart enough to rate limit if you scatter the ports
2. ratelimiting there only slows down filling up your logs, what about
   the CPU?
  
  The reason I left them on as default was mostly that I wanted to see
  if we had any bogons lurking (just like I did with phkmalloc initially).

  I think that they should be off by default, or possibly on, but go off
  after 10 messages, unless explicitly set "ON!"

That sounds way too complicated.  I think you should just leave them off,
turn them on for debugging, and if you want them on, they do need internal
rate limiting in the kernel (a simple check should be sufficient).

Paul
  
  --
  Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
  http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
  whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, In
>>c.
  Future will arrive by its own means, progress not so.