[syslog-ng] Controlling Logging to Central Syslog-ng Server, DoS etc

nate nate at campin.net
Fri Sep 22 16:26:15 CEST 2006


On Fri, Sep 22, 2006 at 03:18:50PM +0100, Hari Sekhon wrote:
> 
> After all, couldn't somebody just write a loop to send garbage to it 
> and fill the whole machine up, not to mention drown out all other valid 
> logs so you miss any important events (oops, I am giving away too much 
> here?). I'm actually tempted to write an attack for this right now...

This is always a risk. It's obvious enough that it's not discussed much.
syslog-ng has tcp wrappers support, and you always have packet
filtering.

You should certainly block unauthorized IPs, but your authorized IPs are
just as scary as the others. The miscreant will either be an authorized
user or have compromised an authorized account and will flood your
syslog server from there.

If you want to discuss DoS, come up with a way to deal with that.
-- 
Nate

"Let us be thankful for the fools. But for them the rest of us could not 
succeed." - Following the Equator, Pudd'nhead Wilson's New Calendar - Samuel Clemens
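
The point made in the reply above, that an allow-list does nothing about an authorized sender that floods, shown as an added example that is not part of the original message: a per-source token bucket placed in front of a collector. The class, the rates and the addresses are assumptions made for illustration; this is not a syslog-ng feature or configuration.

```python
import ipaddress

# Constructed allow-list (documentation address range), standing in for tcp wrappers / packet filtering.
ALLOWED = [ipaddress.ip_network("192.0.2.0/24")]

class SourceLimiter:
    """Allow-list check followed by a token bucket kept per source address (hypothetical helper)."""

    def __init__(self, rate, burst):
        self.rate = rate      # messages refilled per second, per source
        self.burst = burst    # bucket capacity, per source
        self.buckets = {}     # source -> (tokens, time of last message)
        self.dropped = {}     # source -> number of messages refused

    def accept(self, src, now):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in ALLOWED):
            return self._drop(src)                  # unauthorized: the easy case
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:                              # authorized but over its budget
            self.buckets[src] = (tokens, now)
            return self._drop(src)
        self.buckets[src] = (tokens - 1, now)
        return True

    def _drop(self, src):
        self.dropped[src] = self.dropped.get(src, 0) + 1
        return False

def replay(events, rate=5, burst=10):
    """Feed (timestamp, source) pairs through the limiter; return accepted and dropped counts."""
    limiter = SourceLimiter(rate, burst)
    accepted = {}
    for now, src in events:
        if limiter.accept(src, now):
            accepted[src] = accepted.get(src, 0) + 1
    return accepted, limiter.dropped

def sample_events():
    """Constructed traffic over two seconds, built in memory (nothing is sent anywhere)."""
    events = [(i / 500, "192.0.2.10") for i in range(1000)]  # authorized host at 500 msg/s
    events += [(i / 2, "192.0.2.20") for i in range(4)]      # authorized host at 2 msg/s
    events += [(0.5, "203.0.113.9")]                         # host not on the allow-list
    return sorted(events)

if __name__ == "__main__":
    accepted, dropped = replay(sample_events())
    print("accepted:", accepted)
    print("dropped: ", dropped)
```

The per-source drop counter is the useful signal here: a large count for an address that is on the allow-list points at the host or account to investigate, while the quiet authorized host keeps logging unaffected.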
