Firewalls: Re: Syslog

Firewalls
(October 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Syslog
From:	z056716 @ uprc . com (LaCoursiere J. D. (Jeff))
Date:	Fri, 7 Oct 1994 09:47:48 +0600
To:	jimc @ e-commerce . com, smartin @ fujitsu . ca
Cc:	firewalls @ GreatCircle . COM

> 
> >From listening to the thread do far, it seems that the main threat to syslog
> is through the denial of service caused by filling up the loghosts disk. It 
> might therefore be a good idea to have /var/log or where ever you want the
> logging to go, be a separate partition so that your loghost can not be screwed
> up by filling up it's root partition.
> 						Steve

That's not the only danger, though.  By filling *whatever* partition syslog
is pointed at, the attacker can break in without being logged (at least by
syslogd :-> )


Jeff LaCoursiere
Network Admin
UPRC
Ft. Worth, TX
/**********************************************************************

              THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE

**********************************************************************/

Follow-Ups:

Re: Syslog
From: jimc @ e-Commerce . Com (Jim Carroll)

Indexed By Date	Previous:	IPX Firewall From: "Roger Chalonec, INS, (202) 514-4822" <chalonec @ justice . usdoj . gov>
Indexed By Date	Next:	Re: Syslog From: jimc @ e-Commerce . Com (Jim Carroll)
Indexed By Thread	Previous:	Syslog From: jimc @ e-Commerce . Com (Jim Carroll)
Indexed By Thread	Next:	Re: Syslog From: jimc @ e-Commerce . Com (Jim Carroll)