>On Thu, 6 Oct 1994, Jim Carroll wrote:
>
>> I was wondering if running syslogd on a bastion host runs the risk of
>> being exploited?
>>
>> That is, it would be nice to run syslogd to report any activities, but
>> does running syslogd translate to possibly presenting a hole?
>>
>> This would seem to be a Catch-22.
>>
>
>syslogd does listen on a UDP port to log messages from remote syslogd's...
>I can think of at least one denial-of-service attack with this.
>
>(Of course, you can remove the UDP code with access to syslogd source)
>
>
>- Paul "Shag" Walmsley <ccshag @ everest . cclabs . missouri . edu>
> "I am learning and evolving."

For those of us with the bastion hosts on a screened subnet, it seems like the
outer router could be configured to filter out syslog messages and thus
avoid this.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212
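
The filtering idea in the reply above, as an added example that is not part of the original thread: a Python model of the outer router's decision for syslog traffic (UDP port 514) arriving from outside. It goes slightly beyond the reply by also dropping outside packets that claim a screened-subnet source address; the addresses, interface names and `outer_router_filter` are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SYSLOG_PORT = 514  # syslogd's UDP port

# Constructed addressing (documentation ranges), assumed for this example.
SCREENED_NET = ip_network("192.0.2.0/24")  # screened subnet with the bastion host


@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on: "outside" or "screened"
    proto: str     # "udp" or "tcp"
    src: str
    dst: str
    dport: int


def outer_router_filter(pkt: Packet) -> str:
    """Return the verdict for one packet; only the syslog-related rules are modelled."""
    if pkt.in_iface == "outside":
        # UDP has no handshake, so a source address proves nothing. Anything
        # arriving from outside that claims a screened-subnet source is forged.
        if ip_address(pkt.src) in SCREENED_NET:
            return "drop:spoofed-source"
        # Match on arrival interface and destination port, not on source address.
        if (pkt.proto == "udp" and pkt.dport == SYSLOG_PORT
                and ip_address(pkt.dst) in SCREENED_NET):
            return "drop:syslog"
    return "pass"  # the rest of the router policy is out of scope here


# Constructed sample traffic; 203.0.113.7 stands in for an outside host.
SAMPLES = [
    Packet("outside", "udp", "203.0.113.7", "192.0.2.10", 514),  # remote syslog
    Packet("outside", "udp", "192.0.2.20", "192.0.2.10", 514),   # forged inside source
    Packet("outside", "tcp", "203.0.113.7", "192.0.2.10", 25),   # mail to the bastion
    Packet("screened", "udp", "192.0.2.10", "203.0.113.7", 53),  # bastion DNS query
]


def evaluate_samples() -> list:
    return [outer_router_filter(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, evaluate_samples()):
        print(verdict, pkt)
```

Syslog traffic between hosts on the screened subnet never crosses the outer router, so this filter does not affect it.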