Vulnerability Development mailing list archives
Re: Possible syslogd DoS ?
From: Robert van der Meulen <rvdm () wiretrip org>
Date: Thu, 4 Oct 2001 17:43:59 +0200
Quoting Pavel Kankovsky (peak () argo troja mff cuni cz):
2. implement a method allowing syslogd to identify a subject sending messages and... 2a. make syslogd record that information (making syslog spamming accountable and punishable) 2b. implement some kind of quotas in syslogd using this information
This doesn't fill up the harddisk, but creates a DoS attack against syslog (which was already present); so this only fixes the problem for people who have their logs on partitions that shouldn't fill up. There are a couple of problems that need to be solved: - Everyone can fill up a partition by logging things to syslog - Syslog can't log anymore when the partition where the log resides gets full IMHO, the second problem can't be solved; diskspace is always finite. Rotating is not an option, cyclic logging is not an option - Bad Luck. So what does need fixing, is the 'everyone-can-fill-up-the-logfile-partition' problem, for which i think the 'sysloggers' group method sounds like a good solution. Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key. "well you should probably thank me anyway, those disks needed a major clean up :)" -- Cracker
Current thread:
- Re: Possible syslogd DoS ?, (continued)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- Re: Possible syslogd DoS ? H D Moore (Oct 05)
- Re: Possible syslogd DoS ? Tim Walberg (Oct 05)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- AnalogX Proxy SMTP server relay Claymore (Oct 05)
- Re: AnalogX Proxy SMTP server relay Joe Stewart (Oct 06)
- Re: Possible syslogd DoS ? Robert van der Meulen (Oct 04)
- Re: Possible syslogd DoS ? White Vampire (Oct 04)
- Re: Possible syslogd DoS ? Pavel Kankovsky (Oct 07)
- Re: Possible syslogd DoS ? Thiago Conde Figueiro (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)