Date: Mon, 28 Jul 1997 10:59:44 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Guido van Rooij <guido@gvr.win.tue.nl>
Cc: vince@mail.MCESTATE.COM, loco@onyks.wszib.poznan.pl, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net
Subject: Re: security hole in FreeBSD
Message-ID: <Pine.BSF.3.95q.970728105715.3000H-100000@cyrus.watson.org>
In-Reply-To: <199707281353.PAA04645@gvr.win.tue.nl>
On Mon, 28 Jul 1997, Guido van Rooij wrote:

> > BTW, does anyone know if there is a secure logging protocol? Syslog on
> > UDP seems a tad unreliable, not to mention opening one up from DoS. I log
>
> Not on local delivery of udp packets. Nowadays, the FreeBSD syslogd is shipped
> with an option -s that makes it refuse syslog messages from remote
> machines. This of course does not help if you want to be able to get
> syslog entries from a remote host. But you can refuse udp packets
> with destination port 513 on your routers.

Unfortunately, I don't have the liberty of reconfiguring some of the routers my hosts are accessible through. Using ipfirewall to restrict incoming messages is possible, but undesirable as it doesn't help against spoofing, if the threat is also inside your network.

The vulnerable host in the -s case is the loghost, which must accept network log messages. Configuring with a default of -s is a good arrangement.

Robert N Watson
Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/
Network Security Research, Trusted Information Systems http://www.tis.com/
Network Administrator, SafePort Network Services http://www.safeport.com/
robert@fledge.watson.org rwatson@tis.com http://www.watson.org/~robert/
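The trade-off described in this exchange, as an added Python model that is not part of the thread and not FreeBSD's syslogd: every host runs syslogd in secure mode (-s) and so ignores network log messages entirely, while the loghost must keep listening and is shielded only by a router or ipfirewall rule keyed on source address, which cannot distinguish a genuine internal sender from a datagram carrying a forged internal source. The syslog port (514), the internal network, the loghost address and the sample datagrams are constructed assumptions for the demonstration; the `forged` field is ground truth visible only to the demo, never to either filter.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions of this model (not from the message): syslog listens on UDP 514,
# the site's internal network is 10.0.0.0/8, and the loghost is 10.0.0.5.
SYSLOG_PORT = 514
INTERNAL_NET = ip_network("10.0.0.0/8")
LOGHOST = "10.0.0.5"


@dataclass(frozen=True)
class Datagram:
    """A syslog message as the receiving host sees it."""
    src: str                    # source address on the wire; may be forged
    dst: str
    dport: int
    local_socket: bool = False  # True when written to the local log socket, not UDP
    forged: bool = False        # ground truth for the demo only; no filter can see this


def syslogd_accepts(d: Datagram, secure_mode: bool) -> bool:
    """Model of syslogd: with -s (secure mode) only local-socket messages are read."""
    if d.local_socket:
        return True
    if secure_mode:
        return False
    return d.dport == SYSLOG_PORT


def border_filter_passes(d: Datagram) -> bool:
    """Model of the router/ipfirewall rule: drop syslog/udp whose source is not internal.

    The rule only sees the source address field, so a forged internal source passes.
    """
    if d.local_socket or d.dport != SYSLOG_PORT:
        return True
    return ip_address(d.src) in INTERNAL_NET


def host_accepts(d: Datagram, is_loghost: bool) -> bool:
    """Combined policy: every host runs syslogd -s except the loghost, and the
    border filter is the loghost's only protection from outside senders."""
    if not border_filter_passes(d):
        return False
    return syslogd_accepts(d, secure_mode=not is_loghost)


def evaluate(datagrams, is_loghost: bool):
    """Return (accepted, reason) per datagram; reason names the layer that decided."""
    results = []
    for d in datagrams:
        if not border_filter_passes(d):
            results.append((False, "border filter"))
        elif not syslogd_accepts(d, secure_mode=not is_loghost):
            results.append((False, "syslogd -s"))
        elif d.forged:
            results.append((True, "accepted (forged source undetected)"))
        else:
            results.append((True, "accepted"))
    return results


# Constructed sample traffic.
SAMPLE = [
    Datagram(LOGHOST, LOGHOST, SYSLOG_PORT, local_socket=True),      # local message
    Datagram("10.0.3.7", LOGHOST, SYSLOG_PORT),                      # genuine internal sender
    Datagram("192.0.2.44", LOGHOST, SYSLOG_PORT),                    # outside sender
    Datagram("10.0.3.7", LOGHOST, SYSLOG_PORT, forged=True),         # spoofed internal source
]

if __name__ == "__main__":
    for d, (ok, why) in zip(SAMPLE, evaluate(SAMPLE, is_loghost=True)):
        print(f"loghost  src={d.src:<12} accepted={ok!s:<5} {why}")
    for d, (ok, why) in zip(SAMPLE, evaluate(SAMPLE, is_loghost=False)):
        print(f"-s host  src={d.src:<12} accepted={ok!s:<5} {why}")
```

Running the model shows the two results the message argues from: on an -s host only the local message survives, whichever source address the network datagrams carry, while on the loghost the outside sender is stopped at the border filter but the spoofed datagram with an internal source is accepted exactly like the genuine one.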