Previously, Dr. Frederick B. Cohen wrote:
> Does anyone know if there is a version of syslog that does not
> run over UDP? Does anyone have a utility (similar to telnet?) that will
> let me create UDP packets from shell scripts so I can test UDP attacks
> from shell scripts?

One of the great things about syslogd on UDP is that anybody can put
forged entries into your log files. This is a great way to frame
somebody you don't like, or just generally contribute to the paranoia
of an admin you want to play games with. Perhaps insert 100 failed
telnet and rlogins as root from cert.org to all your friends' machines.
This just goes back to the same old points. IP addresses are not good
for authentication, and they're really not even good for identification.
UDP is easy to fake, so don't trust much of what you see on it unless
you've got a good authentication scheme on top of it.
-Mike
--
Michael R. Widner
widner @ uchicago . edu
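
The kind of authentication scheme the post calls for on top of UDP, sketched as an added example (not part of the original message): each log line carries a sequence number and an HMAC-SHA256 tag under a per-sender key, and the receiver never consults the packet's source address. The line format, the key table and the names `sign`, `Verifier` and `KEYS` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment provisions one secret per sender.
KEYS = {"web01": b"constructed-demo-key-web01"}

def sign(host, seq, msg, key):
    """Sender side: append an HMAC-SHA256 tag over 'host seq msg'."""
    body = f"{host} {seq} {msg}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body} mac={tag}"

class Verifier:
    """Receiver side: accept a line only if its tag verifies and seq is fresh.

    The host field only selects which key to check against; identity comes
    from knowing the key, not from the field or the UDP source address.
    """
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest accepted sequence number per sender

    def check(self, line):
        body, sep, tag = line.rpartition(" mac=")
        if not sep:
            return "reject: no tag"
        parts = body.split(" ", 2)
        if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
            return "reject: malformed"
        host, seq = parts[0], int(parts[1])
        key = self.keys.get(host)
        if key is None:
            return "reject: unknown sender"
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison of the received and recomputed tags.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "reject: bad tag"
        if seq <= self.last_seq.get(host, -1):
            return "reject: replay"  # a captured valid line sent again
        self.last_seq[host] = seq
        return "accept"

def demo():
    """Run constructed sample lines through the verifier."""
    v = Verifier(KEYS)
    good = sign("web01", 1, "sshd: session opened for user alice", KEYS["web01"])
    forged = "web01 2 login: failed root login mac=" + "0" * 64  # no key known
    untagged = "web01 3 plain syslog line with no tag"
    return [v.check(good), v.check(forged), v.check(good), v.check(untagged)]
```

Because UDP can drop or reorder datagrams, a strictly increasing counter will also reject genuine lines that arrive late; a small acceptance window per sender is the usual relaxation.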