Vulnerability Development mailing list archives
Re: Possible syslogd DoS ?
From: Petr Baudis <pasky () pasky ji cz>
Date: Thu, 4 Oct 2001 21:34:10 +0200
I could be missing something here but doesn't newsyslog solve this problem by rotating logs based on size, date or both?
..snip..
I haven't done any testing myself but it sounds like if newsyslog can keep up before the disk is filled you shouldn't have a problem since newsyslog will over write previously rotated log files. This could be really trivial to defeat but thought its worth a mention.
well, then the attacker might just use this to rotate-out some, ehm, delicate informations ;-). -- Petr "Pasky" Baudis . . n = ((n >> 1) & 0x55555555) | ((n << 1) & 0xaaaaaaaa); n = ((n >> 2) & 0x33333333) | ((n << 2) & 0xcccccccc); n = ((n >> 4) & 0x0f0f0f0f) | ((n << 4) & 0xf0f0f0f0); n = ((n >> 8) & 0x00ff00ff) | ((n << 8) & 0xff00ff00); n = ((n >> 16) & 0x0000ffff) | ((n << 16) & 0xffff0000); -- C code which reverses the bits in a word. . . My public PGP key is on: http://pasky.ji.cz/~pasky/pubkey.txt -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++:++ a--- C+++ UL++++$ P+ L+++ E--- W+ N !o K- w-- !O M- !V PS+ !PE Y+ PGP+>++ t+ 5 X(+) R++ tv- b+ DI(+) D+ G e-> h! r% y? ------END GEEK CODE BLOCK------
Current thread:
- Re: Possible syslogd DoS ?, (continued)
- Re: Possible syslogd DoS ? Tim Walberg (Oct 05)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- AnalogX Proxy SMTP server relay Claymore (Oct 05)
- Re: AnalogX Proxy SMTP server relay Joe Stewart (Oct 06)
- Re: Possible syslogd DoS ? Robert van der Meulen (Oct 04)
- Re: Possible syslogd DoS ? White Vampire (Oct 04)
- Re: Possible syslogd DoS ? Pavel Kankovsky (Oct 07)
- Re: Possible syslogd DoS ? Thiago Conde Figueiro (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)