Hosting Provided By

Re: Remote Syslogd

From: Luis Bruno <lbruno(at)zbit.pt>
Date: Sat Nov 09 2002 - 05:21:38 EST

James Lee Bell wrote:
> Specifically, won't something along the way end up generating ICMP-host

The phantom host might just ignore (ie. drop packets silently on the floor) 53/udp traffic. Use a small computer for that purpose. Then, we won't talk about a phantom log host anymore.

Another thing to remember is that an attacker that sees @192.168.0.200 in /etc/syslog.conf and can actually ping(1) or traceroute(1) it might not even suspect there is something in the middle collecting packets.

Cheers,
Luis Bruno

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sat Nov 9 09:32:54 2002

This message: [ Message body ]
Next message: Onsite West Houston: "RE: Remote Syslogd"
Previous message: Seth Arnold: "Re: Win32 Port of TAR"
In reply to: James Lee Bell: "Re: Remote Syslogd"
In reply to Gino Pietro Guidi: "RE: Remote Syslogd"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:41 EDT