Date:      Thu, 28 Aug 1997 17:14:55 -0700 (PDT)
From:      "Jonathan M. Bresler" <jmb>
To:        gurney_j@resnet.uoregon.edu
Cc:        Shimon@i-Connect.Net, freebsd-security@FreeBSD.ORG
Subject:   Re: FW: syslogd fun (fwd)
Message-ID:  <199708290014.RAA28531@hub.freebsd.org>
In-Reply-To: <19970828144815.02488@hydrogen.nike.efn.org> from "John-Mark Gurney" at Aug 28, 97 02:48:15 pm

John-Mark Gurney wrote:
> 
> Simon Shapiro scribbled this message on Aug 28:
> > Is this something we have to worry about in FreeBSD?  I think it may, but
> > do not know...
> 
> nope...  freebsd's syslog in -current has the ability to turn on reception
> of such messages from specific hosts... and when you specify "secure"
> mode (which doesn't accept messages) you can still send messages to
> remote hosts for logging...

	hmm....the loghost, the computer running syslogd and accepting
	messages from other computers, remains vulnerable, as is noted
	in the BUGS section of the man page

"The ability to log messages received in UDP packets is equivalent to an
 unauthenticated remote disk-filling service, and should probably be
 disabled by default.  Some sort of inter-syslogd authentication mechanism
 ought to be worked out.  To prevent the worst abuse, use of the -a option
 is therefore highly recommended."


	filter syslog at your firewall.  falls under the general rule:
	"unless you need it, filter it out"
jmb
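
Added example, not part of the original message and not syslogd's own code: a model of per-source allow-listing of UDP log datagrams, the kind of restriction the -a option recommended above applies on a loghost. The peer syntax is a simplified IPv4-only `addr[/masklen][:port]` form chosen for this example (no port means source port 514, `*` means any port), the function names are hypothetical, and the sample datagrams are constructed.

```python
import ipaddress

SYSLOG_PORT = 514  # standard syslog UDP port


def parse_peer(spec):
    """Parse 'addr[/masklen][:port]' into (network, port); port None means any.

    Simplified, IPv4-only form assumed for this example.
    """
    addr, sep, port = spec.partition(":")
    if not sep:
        port_num = SYSLOG_PORT      # assumption: default to the syslog port
    elif port == "*":
        port_num = None             # any source port
    else:
        port_num = int(port)
    return ipaddress.ip_network(addr, strict=False), port_num


def is_allowed(src_ip, src_port, peers):
    """Return True when the datagram source matches at least one peer entry."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        ip in net and (port is None or port == src_port)
        for net, port in peers
    )


def filter_datagrams(datagrams, peer_specs):
    """Split (src_ip, src_port, payload) tuples into accepted and dropped lists."""
    peers = [parse_peer(s) for s in peer_specs]
    accepted, dropped = [], []
    for src_ip, src_port, payload in datagrams:
        target = accepted if is_allowed(src_ip, src_port, peers) else dropped
        target.append((src_ip, src_port, payload))
    return accepted, dropped


# Constructed sample traffic (documentation address ranges, made-up payloads).
SAMPLE = [
    ("192.0.2.10", 514, b"<13>web1 sshd[411]: session opened"),
    ("192.0.2.77", 40000, b"<13>web2 cron[90]: job done"),
    ("198.51.100.5", 514, b"<11>unexpected sender"),
    ("203.0.113.9", 33000, b"<14>router: link up"),
]
PEERS = ["192.0.2.0/24", "203.0.113.9:*"]

if __name__ == "__main__":
    ok, bad = filter_datagrams(SAMPLE, PEERS)
    print("accepted:", [(ip, port) for ip, port, _ in ok])
    print("dropped: ", [(ip, port) for ip, port, _ in bad])
```

Datagrams in the dropped list never reach the log file, so only the listed senders can consume disk on the loghost.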


