
RE: Remote Syslogd

From: Alejandro Rusell <arusell(at)biycsa.com.ar>
Date: Wed Nov 06 2002 - 09:41:20 EST


Hello all,

My .02 in the message.

Regards,

Alejandro

> -----Original Message-----
> From: Gino Pietro Guidi [mailto:gguidi@hiddentiger.net]
> Sent: Tuesday, November 05, 2002 12:31 a.m.
> To: 'Tom Perrine'; paul@timmins.net
> CC: msconzo@shamu.tamu.edu; forensics@securityfocus.com
> Subject: RE: Remote Syslogd
>
>
> I have recently come across an article that described secure logging

This configuration is vulnerable to attacks trying to fill the log's repository.

By the way, the sniffer / snort has to be able to cope with all the traffic. Even when the syslog traffic is small, unless you use a different network to manage logs, the current core networks in most enterprises are at least 100Mbps, not to say Gigabit. What if the attacker fills the network at cable speed?

> With this configuration, in theory,

This one is true.

> Gino Guidi



This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Wed Nov 6 11:54:02 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT

