Message-ID: <19990106033859.A26493@best.com>
Date: Wed, 6 Jan 1999 03:38:59 -0800
From: "Jan B. Koum"
To: sthaug@nethelp.no, avalon@coombs.anu.edu.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kernel/syslogd hack

On Wed, Jan 06, 1999 at 11:39:04AM +0100, sthaug@nethelp.no wrote:
> > In what I think is a "bug" (or missing feature), commenting out syslog/514
> > in /etc/services causes syslogd not to start rather than to just not open
> > up the UDP port (2.2.5) but "syslogd -s" shuts down the UDP port for
> > reception of syslog messages, so that's covered.
>
> No, "syslogd -s" does *not* shut down the UDP port - at least not in
>
> $Id: syslogd.c,v 1.46 1998/12/29 23:14:50 cwt Exp $
>
> Instead the packets are received and then logged as
>
> "syslogd: discarded %d unwanted packets in secure mode, last from %s"
>
> I would much prefer that it actually not listened to the UDP port at all.
>
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Exactly. And in this case ipfw/ipf is your friend (or ACL on a router)
if '-s' alone does not make you feel warm and fuzzy:

    # ipfw add 9999 deny udp from any to ${my_ip} 514

-- Yan
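
One way to check from the logs whether datagrams are still reaching syslogd in secure mode, as an added example that is not part of the original thread: it matches the discard notice quoted above. The sample log lines, the host name `gw`, the addresses and the leading timestamp/host layout are constructed assumptions.

```python
import re
from collections import Counter

# Notice format quoted in the thread:
#   "syslogd: discarded %d unwanted packets in secure mode, last from %s"
DISCARD_RE = re.compile(
    r"syslogd: discarded (\d+) unwanted packets in secure mode, last from (\S+)"
)

# Constructed sample input (timestamps, host name and addresses are invented).
SAMPLE_LOG = """\
Jan  6 03:10:01 gw syslogd: discarded 1 unwanted packets in secure mode, last from 192.0.2.10
Jan  6 03:10:07 gw syslogd: discarded 2 unwanted packets in secure mode, last from 192.0.2.10
Jan  6 03:11:30 gw /kernel: ed0: device timeout
Jan  6 03:12:44 gw syslogd: discarded 4 unwanted packets in secure mode, last from 198.51.100.7
Jan  6 03:15:02 gw syslogd: restart
"""


def summarize_discards(lines):
    """Return (highest count reported, Counter of 'last from' sources).

    The source is whatever address the datagram carried; UDP source
    addresses can be forged, so treat it as a hint, not as attribution.
    """
    highest = 0
    sources = Counter()
    for line in lines:
        match = DISCARD_RE.search(line)
        if match is None:
            continue  # unrelated log line
        highest = max(highest, int(match.group(1)))
        sources[match.group(2)] += 1
    return highest, sources


def datagrams_still_arriving(lines):
    """True if any discard notice is present: syslogd received a datagram
    on its UDP port, so no packet filter dropped it before the daemon."""
    highest, _ = summarize_discards(lines)
    return highest > 0


if __name__ == "__main__":
    highest, sources = summarize_discards(SAMPLE_LOG.splitlines())
    print("highest discard count reported:", highest)
    for source, notices in sources.most_common():
        print(f"{source}: named in {notices} notice(s)")
```

With a deny rule like the ipfw one above in place, no new discard notices should appear in the portion of the log written after the rule was added.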