Date: Wed, 6 Jan 1999 03:38:59 -0800
From: "Jan B. Koum " <jkb@best.com>
To: sthaug@nethelp.no, avalon@coombs.anu.edu.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack
Message-ID: <19990106033859.A26493@best.com>
In-Reply-To: <7158.915619144@verdi.nethelp.no>; from sthaug@nethelp.no on Wed, Jan 06, 1999 at 11:39:04AM +0100
References: <199901060935.UAA24071@cheops.anu.edu.au> <7158.915619144@verdi.nethelp.no>

On Wed, Jan 06, 1999 at 11:39:04AM +0100, sthaug@nethelp.no wrote:
> > In what I think is a "bug" (or missing feature), commenting out syslog/514
> > in /etc/services causes syslogd not to start rather than to just not open
> > up the UDP port (2.2.5) but "syslogd -s" shuts down the UDP port for
> > reception of syslog messages, so that's covered.
>
> No, "syslogd -s" does *not* shut down the UDP port - at least not in
>
> $Id: syslogd.c,v 1.46 1998/12/29 23:14:50 cwt Exp $
>
> Instead the packets are received and then logged as
>
> "syslogd: discarded %d unwanted packets in secure mode, last from %s"
>
> I would much prefer that it actually did not listen to the UDP port at all.
>
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Exactly. And in this case ipfw/ipf is your friend (or ACL on a
router) if '-s' alone does not make you feel warm and fuzzy:

    # ipfw add 9999 deny udp from any to ${my_ip} 514

-- Yan
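
Added example (not part of the original message and not syslogd or FreeBSD project code): a shell check for the two points raised in the thread, whether UDP port 514 is still bound and which hosts appear in the "discarded ... in secure mode" messages. The function names are hypothetical, and the log lines are constructed samples built around the message format quoted above.

```shell
#!/bin/sh
# Constructed sample log lines (not from the thread); the addresses are
# documentation ranges, the hostname "gw" is made up.
sample_log() {
cat <<'EOF'
Jan  6 03:40:01 gw syslogd: discarded 3 unwanted packets in secure mode, last from 192.0.2.10
Jan  6 03:41:17 gw sshd[211]: Accepted password for op from 198.51.100.7
Jan  6 03:45:09 gw syslogd: discarded 12 unwanted packets in secure mode, last from 203.0.113.5
Jan  6 04:02:33 gw syslogd: discarded 1 unwanted packets in secure mode, last from 192.0.2.10
EOF
}

# Read syslog lines on stdin and print "host total" for every host named
# in a secure-mode discard message. The message names only the *last*
# sender, so each count is attributed to that host and may include
# packets from others.
discard_summary() {
    awk '/syslogd: discarded [0-9]+ unwanted packets in secure mode, last from / {
        for (i = 1; i <= NF; i++)
            if ($i == "discarded") n = $(i + 1)
        total[$NF] += n
    }
    END { for (h in total) print h, total[h] }' | sort
}

# Read "netstat -an" output on stdin; succeed (exit 0) if a UDP socket is
# bound to local port 514. Column 4 is the local address, written as
# "*.514" on BSD and "0.0.0.0:514" on Linux.
udp514_bound() {
    awk '$1 ~ /^udp/ && $4 ~ /[.:]514$/ { found = 1 }
         END { exit !found }'
}

# Demo on the constructed sample; on a live host use e.g.
#   discard_summary < /var/log/messages
#   netstat -an | udp514_bound && echo "UDP 514 is still bound"
sample_log | discard_summary
```

If udp514_bound succeeds on a host running "syslogd -s", the socket is open as described in the quoted reply, and a packet-filter rule like the ipfw one above is what keeps the traffic from reaching it.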
