Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is it time to block all Microsoft protocols in the core?

  • From: Joe Abley
  • Date: Tue Jan 28 14:42:46 2003


On Monday, Jan 27, 2003, at 14:04 Asia/Katmandu, Sean Donelan wrote:

Its not just a Microsoft thing.  SYSLOG opened the network port by
default, and the user has to remember to disable it for only local
logging.
You're using mixed tense in these sentences, so I can't tell whether you think that syslog's network port is open by default on operating systems today.

On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I happen to have open right now) this is not the case, and has not been for some time. I presume, perhaps na´vely, that other operating systems have done something similar.

[...]

DESCRIPTION
syslogd reads and logs messages to the system console, log files, other
machines and/or users as specified by its configuration file.

The options are as follows:

[...]

-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.

[...]

Joe





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.