Date:      Fri, 1 Sep 2000 10:30:18 -0600 (MDT)
From:      Nate Williams <nate@yogotech.com>
To:        Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc:        James Wyatt <jwyatt@rwsystems.net>, Will Andrews <will@physics.purdue.edu>, "R.Sharma" <rsharma@apsara.barc.ernet.in>, freebsd-security@FreeBSD.ORG
Subject:   Re: How to clear IPFW counters
Message-ID:  <200009011630.KAA03810@nomad.yogotech.com>
In-Reply-To: <Pine.BSF.4.21.0009010716290.27710-100000@green.dyndns.org>
References:  <Pine.BSF.4.10.10009010115090.39906-100000@bsdie.rwsystems.net> <Pine.BSF.4.21.0009010716290.27710-100000@green.dyndns.org>

> There are several kinds of counters.  One is the "packet matching"
> counter, and another is the "bytes matching" counter.  The one I added
> recently was the "virtual logging counter", which has the sole purpose
> of controlling the output of log messages for matched packets.
> 
> I made the decision that it wouldn't be any kind of loss of security
> to allow this counter to be reset (it can only be used to turn back
> on logging which was disabled by having matched "logamount" number of
> times).

FWIW, I agree with this decision.  The only kind of attack that could be
done with this is to constantly reset the counters such that the logs
would eventually fill up your partition where the logfiles are stored,
which would require the box to be root compromised.  However, if root is
compromised, there are much easier ways to fill up the partition, or
for that matter generate syslog messages.


Nate

