Firewall Wizards mailing list archives
Re: "Dropsafe" logs
From: "Roelof JT Jonkman" <rjonkman () ittc ukans edu>
Date: Thu, 08 Apr 1999 10:59:19 -0500
Scott,

Syslogs are UDP; as such they don't require a response from the host that receives. (As opposed to TCP, which does require a two-way street to function.) Given that, what you could do is simply have an ethernet cable with the transmit pair of your dropbox clipped. Depends a little on the ethernet card, but some of 'em need to be fumbled with in order to get 'em to understand that it's OK to work without a carrier at the peer. (Or the hub/switch.)

That would be my solution to a dropbox. Fancy version would be one that has two interfaces, so you could tie it to your internal network, and process logs from there on, completely safe.

The only drawback is that a Denial of Service is still possible: a malicious individual still could flood your syslog port on the dropbox and clobber the real logs that way.

When you eliminated the chance of a cracker modifying the logs, you sort of have the freedom to do whatever is convenient as far as storage goes.

roel,
Good.... Bad... I'm the guy with root.
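An added illustration, not part of the original message: a minimal receive-only syslog collector in Python. It shows that the dropbox application only ever reads datagrams, and it caps how much each sender can write, as one response to the flooding drawback raised above. The names `parse_pri`, `SourceBudget` and `collect`, the rate values and the sample log line are assumptions made for this example.

```python
import socket
import time

def parse_pri(datagram: bytes):
    """Split a BSD-syslog datagram '<PRI>text' into (facility, severity, text)."""
    text = datagram.decode("utf-8", "replace").rstrip("\r\n")
    if text.startswith("<") and ">" in text[:5]:
        pri, rest = text[1:].split(">", 1)
        if pri.isascii() and pri.isdigit() and int(pri) <= 191:
            return int(pri) // 8, int(pri) % 8, rest
    return 1, 5, text  # missing or invalid PRI: file as user.notice (13)

class SourceBudget:
    """Token bucket per sender address, capping what one source can write.
    The key is the claimed source address, which UDP does not authenticate."""
    def __init__(self, rate=50.0, burst=200):
        self.rate, self.burst, self.state = rate, burst, {}

    def allow(self, src, now):
        tokens, last = self.state.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        self.state[src] = (tokens - 1 if ok else tokens, now)
        return ok

def collect(sock, sink, budget, clock=time.monotonic):
    """Read one datagram and append it to sink. Only recvfrom() is called:
    the collector application itself never sends a packet."""
    data, (src, _port) = sock.recvfrom(2048)
    if not budget.allow(src, clock()):
        return None  # over budget: dropped instead of written to storage
    facility, severity, msg = parse_pri(data)
    line = f"{src} {facility}.{severity} {msg}"
    sink.append(line)
    return line

if __name__ == "__main__":
    # Loopback demo with a constructed log line; port 0 lets the OS pick one.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(b"<34>Apr  8 10:59:19 fw1 su: constructed sample", rx.getsockname())
    stored = []
    print(collect(rx, stored, SourceBudget()))
```

The budget bounds storage consumed per claimed address; it does not stop the flood from filling the link or the socket buffer.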