[syslog-ng] Question - Spoof_source in TCP()
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Aug 15 21:09:09 CEST 2005
On Mon, 15 Aug 2005 10:05:05 MDT, Gerardo Amaya said:
> Is there a way to have spoof_source functionallity option in syslog-ng
> TCP connections?
Not if the receiving host properly implements RFC1948. And if it doesn't,
you have bigger problems....
(Hint - how do you get the TCP connection through the 3-packet startup handshake
if you're spoofing the source? You send a spoofed SYN, it sends a SYN+ACK back
to the spoofed address, which will likely toss an RST packet back, and things
go pear-shaped really fast.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050815/c13e2b5f/attachment.pgp
More information about the syslog-ng
mailing list