[lug] logs

Sean Reifschneider jafo at tummy.com
Mon Jul 30 22:07:46 MDT 2001


On Mon, Jul 30, 2001 at 04:47:40PM -0600, D. Stimits wrote:
>used as a stepping stone to get to. The idea of logging through a direct
>net connection to a less protected machine doesn't look good to me. I

This is what I don't understand.  You seem to be implying that simply
because the logging machine is accepting UDP packets to syslog from the
other machine, that it's less protected.  Presumably your firewall won't be
compromised via a remote syslog attack, since it's syslogd won't be
accepting packets on the syslogd port.

So, it's unlikely that the attack on a box that's acting as a logging
server only would be the same as the one used to compromise the box where
syslog isn't accepting incoming syslogd packets...

Sean
-- 
 Passionate hatred can give meaning and purpose to an empty life.
                 -- Eric Hoffer
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python



More information about the LUG mailing list