From owner-freebsd-security Thu Aug 28 17:15:02 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA28549 for security-outgoing; Thu, 28 Aug 1997 17:15:02 -0700 (PDT)
Received: (from jmb@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA28531; Thu, 28 Aug 1997 17:14:56 -0700 (PDT)
From: "Jonathan M. Bresler"
Message-Id: <199708290014.RAA28531@hub.freebsd.org>
Subject: Re: FW: syslogd fun (fwd)
To: gurney_j@resnet.uoregon.edu
Date: Thu, 28 Aug 1997 17:14:55 -0700 (PDT)
Cc: Shimon@i-Connect.Net, freebsd-security@FreeBSD.ORG
In-Reply-To: <19970828144815.02488@hydrogen.nike.efn.org> from "John-Mark Gurney" at Aug 28, 97 02:48:15 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

John-Mark Gurney wrote:
>
> Simon Shapiro scribbled this message on Aug 28:
> > Is this something we have to worry about in FreeBSD? I think it may, but
> > do not know...
>
> nope... freebsd's syslog in -current has the ability to turn on reception
> of such messages from specific hosts... and when you specify "secure"
> mode (which doesn't accept messages) you can still send messages to
> remote hosts for logging...

hmm....the loghost, the computer running syslogd and accepting
messages from other computers, remains vulnerable, as is noted in
the BUGS section of the man page

"The ability to log messages received in UDP packets is equivalent to an
unauthenticated remote disk-filling service, and should probably be
disabled by default. Some sort of inter-syslogd authentication mechanism
ought to be worked out. To prevent the worst abuse, use of the -a option
is therefore highly recommended."

filter syslog at your firewall. falls under the general rule:
"unless you need it, filter it out"

jmb
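
Added example, not part of the original message and not syslogd code: a simplified Python model of the source allowlisting that the quoted man page recommends with -a, run over constructed datagrams. The peer spec form (addr[/masklen][:port], IPv4 only, default source port 514), the function names and the addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

SYSLOG_PORT = 514  # standard syslog UDP port


class Peer(NamedTuple):
    network: ipaddress.IPv4Network
    port: Optional[int]  # None means any source port is accepted


def parse_peer(spec: str) -> Peer:
    """Parse 'addr[/masklen][:port]'; ':*' allows any source port (assumed syntax)."""
    addr, _, port = spec.partition(":")
    network = ipaddress.ip_network(addr, strict=False)
    if port == "*":
        return Peer(network, None)
    return Peer(network, int(port) if port else SYSLOG_PORT)


def is_allowed(src_ip: str, src_port: int, peers) -> bool:
    """True if the sender matches at least one allowed peer."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in p.network and p.port in (None, src_port) for p in peers)


def filter_datagrams(datagrams, peers):
    """Return (accepted payloads, bytes dropped before they reach the log)."""
    accepted, dropped = [], 0
    for src_ip, src_port, payload in datagrams:
        if is_allowed(src_ip, src_port, peers):
            accepted.append(payload)
        else:
            dropped += len(payload)
    return accepted, dropped


# Constructed sample data (documentation address ranges, invented messages).
PEERS = [parse_peer("192.0.2.0/24"), parse_peer("198.51.100.7:*")]
SAMPLE = [
    ("192.0.2.10", 514, b"<34>su: root login on ttyp0"),   # allowed network
    ("192.0.2.10", 40000, b"<34>wrong source port"),       # port mismatch
    ("198.51.100.7", 40000, b"<13>router: link up"),       # any-port peer
    ("203.0.113.99", 514, b"<13>" + b"A" * 1000),          # unknown sender
]

if __name__ == "__main__":
    accepted, dropped = filter_datagrams(SAMPLE, PEERS)
    print(len(accepted), "accepted;", dropped, "bytes dropped")
```

The check only limits who can fill the disk; as the man page quote says, the datagrams themselves remain unauthenticated, which is why the message also recommends filtering at the firewall.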