>On Thu, 6 Oct 1994, Jim Carroll wrote:
>> I was wondering if running syslogd on a bastion host runs the risk of
>> being exploited?
>> That is, it would be nice to run syslogd to report any activities, but
>> does running syslogd translate to possibly presenting a hole?
>> This would seem to be a Catch-22.
>syslogd does listen on a UDP port to log messages from remote syslogd's...
>I can think of at least one denial-of-service attack with this.
>(Of course, you can remove the UDP code with access to syslogd source)
>- Paul "Shag" Walmsley <ccshag @
> "I am learning and evolving."
For those of us with the bastion hosts on a screened subnet, seems like that
the outer router could be configured to filter out syslog messages and thus