Date: Thu, 28 Aug 1997 17:14:55 -0700 (PDT) From: "Jonathan M. Bresler" <jmb> To: gurney_j@resnet.uoregon.edu Cc: Shimon@i-Connect.Net, freebsd-security@FreeBSD.ORG Subject: Re: FW: syslogd fun (fwd) Message-ID: <199708290014.RAA28531@hub.freebsd.org> In-Reply-To: <19970828144815.02488@hydrogen.nike.efn.org> from "John-Mark Gurney" at Aug 28, 97 02:48:15 pm
next in thread | previous in thread | raw e-mail | index | archive | help
John-Mark Gurney wrote: > > Simon Shapiro scribbled this message on Aug 28: > > Is this something we have to worry about in FreeBSD? I think it may, but > > do not know... > > nope... freebsd's syslog in -current has the ability to turn on reception > of such messages from specific hosts... and when you specify "secure" > mode (which doesn't accept messages) you can still send messages to > remote hosts for logging... hmm....the loghost, the computer running syslogd and accepting messages from other computers, remains vunerable, as is noted in the BUGS section of the man page "The ability to log messages received in UDP packets is equivalent to an unauthenticated remote disk-filling service, and should probably be dis- abled by default. Some sort of inter-syslogd authentication mechanism ought to be worked out. To prevent the worst abuse, use of the -a option is therefore highly recommended." filter syslog at your firewall. falls under teh general rule: "unless you need it, filter it out" jmb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708290014.RAA28531>