In your message of Mon, 30 Jan 1995 19:27:49 GMT, you say:
>In any case, I just had this great idea. I need a Silent 700 for the
>console on my firewall! I'll just hire some undergrad to run the
>stuff through an OCR on an inside system and then parse the longs
>and...
Seriously though, I think this is a pretty good idea. If you used a
logfile "grep -v" tool (something like a cross between swatch and the
memories tool from perl's contrib section) to cut down on the crud so
only the relevant [*] syslog lines are printed, then the output from
that is piped into /dev/ttya, you've got a guaranteed write-only log
system.
It's still open to problems: (a) what you define as "relevant" may grep
out some important log entries, and (b) a determined cracker could do a
denial-of-service attack as follows: logging vast quantities of
supposedly-relevant log entries (enough to cause the printer to run out
of paper), then log more so the printer fills up its buffer, then do
the cracking, then reboot the machine driving the printer so the
log entries related to the cracking get lost (they'd be in a kernel
buffer somewhere).
You'd want to make sure that your logfile grepper subs out any
control characters, otherwise the printer could be made to crash
(if it was smart enough ;).
Also, if they get onto the internal host where this log grepper is,
they could simply kill this daemon; however, by that stage, they'd have
done the cracking (and you'd have the logs).
--j.
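As an added example (not part of the original message or thread), here is a small filter in the spirit of the logfile grepper described above: it keeps lines matching "relevant" patterns, drops known noise (the grep -v part), and rewrites control characters so the printer on /dev/ttya never receives a raw escape sequence. The sample syslog lines, the pattern lists and the 132-column width are assumptions made for the example.

```python
import re
import sys

# Constructed sample syslog lines for this example (not from the original thread).
# The third line carries a real ESC sequence, the kind that could upset a printer.
SAMPLE_LOG = """\
Jan 30 19:27:49 fw sshd[123]: Accepted password for root from 10.0.0.5
Jan 30 19:28:01 fw cron[456]: (root) CMD (run-parts /etc/cron.hourly)
Jan 30 19:28:03 fw login[789]: FAILED LOGIN 1 FROM 10.0.0.9 FOR root\x1b[2J
Jan 30 19:28:05 fw sshd[124]: Accepted publickey for backup from 10.0.0.2
Jan 30 19:28:10 fw kernel: eth0: link up
"""

# "grep" side: a line is relevant if it matches any of these (assumed patterns).
RELEVANT = [re.compile(p) for p in (r"Accepted", r"FAILED LOGIN", r"su: ")]
# "grep -v" side: known, expected noise dropped even when it looks relevant
# (here an assumed automated backup login that would otherwise fill the paper).
NOISE = [re.compile(p) for p in (r"Accepted publickey for backup from 10\.0\.0\.2$",)]

MAX_LINE = 132  # assumed printer line width; long lines are cut, not wrapped

def sanitize(line: str) -> str:
    """Replace every byte outside printable ASCII with a visible \\xNN form so
    the serial printer never sees a raw control or escape character."""
    cleaned = "".join(c if 0x20 <= ord(c) < 0x7F else f"\\x{ord(c):02x}" for c in line)
    return cleaned[:MAX_LINE]

def filter_syslog(text: str) -> list[str]:
    """Return the sanitized lines that are relevant and not known noise."""
    kept = []
    for line in text.splitlines():
        if not any(r.search(line) for r in RELEVANT):
            continue
        if any(r.search(line) for r in NOISE):
            continue
        kept.append(sanitize(line))
    return kept

if __name__ == "__main__":
    # Assumed usage: syslog_filter.py < /var/log/messages > /dev/ttya
    for out in filter_syslog(sys.stdin.read()):
        print(out, flush=True)
```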