Date:      Thu, 27 May 1999 10:00:38 +0200 (CEST)
From:      Martin Kammerhofer <dada@balu.kfunigraz.ac.at>
To:        security@FreeBSD.ORG
Subject:   Re: TCP connect data logger 
Message-ID:  <Pine.BSF.3.96.990527095231.466B-100000@localhost.kfunigraz.ac.at>
In-Reply-To: <63985.927789886@axl.noc.iafrica.com>

On Thu, 27 May 1999, Sheldon Hearn wrote:

> On Wed, 26 May 1999 14:05:14 +0200, Martin Kammerhofer wrote:
> 
> > Both udp.log_in_vain and tcp.log_in_vain have *no* rate limiting.
> > Enabling them can generate huge amounts of LOG_INFO messages during
> > port scans.
> 
> That's why they're only really useful if syslog is writing their output
> away from sensitive filesystems like /var.
> 
> There's a lot of material in the archives of this list regarding
> suitable alternatives (printers, remote syslogd's, dedicated filesystems
> etc.) so there's no need for us to rehash that now. :-)
> 

You are suggesting the choice of redirecting the disk filling service?
This sounds to me like exporting toxic waste to preserve the environment.
There is a need for rate limiting and it should be implemented. It can
be done in a few LOC.

Regards,
  Martin
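
The kind of rate limiting asked for above, as an added example that is not part of the original e-mail and is not FreeBSD kernel code: a per-second cap on log messages that counts what it drops and reports the count once the next window opens. The names log_limiter, log_allowed and simulate_scan, the limit of 5 messages per second, and the scan rate are all assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical limiter, not FreeBSD kernel code: at most max_per_sec
 * messages per one-second window; the rest are only counted. */
struct log_limiter {
    time_t   window;      /* second the current window started in */
    unsigned count;       /* messages let through in this window */
    unsigned suppressed;  /* messages dropped and not yet reported */
    unsigned max_per_sec; /* assumed tunable limit */
};

/* Returns 1 if the caller may log, 0 if it must drop the message.
 * *report gets the number of earlier drops to summarise in one line. */
int log_allowed(struct log_limiter *l, time_t now, unsigned *report)
{
    *report = 0;
    if (now != l->window) {          /* new second: open a new window */
        l->window = now;
        l->count = 0;
        *report = l->suppressed;
        l->suppressed = 0;
    }
    if (l->count < l->max_per_sec) {
        l->count++;
        return 1;
    }
    l->suppressed++;
    return 0;
}

/* Constructed scan: rate refused connects/s for secs seconds; returns lines logged. */
unsigned simulate_scan(unsigned limit, unsigned rate, unsigned secs)
{
    struct log_limiter l = { 0, 0, 0, limit };
    unsigned lines = 0, report;
    for (unsigned s = 0; s < secs; s++)
        for (unsigned i = 0; i < rate; i++) {
            lines += log_allowed(&l, (time_t)(1000 + s), &report);
            lines += (report != 0);  /* one "N messages suppressed" line */
        }
    return lines;
}

int main(void)
{
    printf("%u log lines for 3000 probes\n", simulate_scan(5, 1000, 3));
    return 0;
}
```

With the cap in place, the constructed 3000-probe scan produces 17 log lines (15 messages plus 2 suppression summaries) instead of 3000, while traffic below the limit is logged in full.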


