Date: Tue, 05 Oct 1999 18:54:25 -0700
From: The Mad Scientist <madscientist@thegrid.net>
To: freebsd-security@freebsd.org
Subject: Re: Syslog over serial
Message-ID: <4.1.19991005185332.009763d0@mail.thegrid.net>

At 07:27 AM 10/5/99 +0200, you wrote:
>> Great, thanks. What about connecting a few machines to a central logging
>> server with this setup? Will I have to get a board for the logging server
>> with a number of parallel ports? Can I get whatever hardware that is used
>> to hook up multiple printers to a single machine?
>
>Well the idea is quite good, but dangerous!
>
>The intention to send syslog over a serial line is not to have an IP
>connection between the sender (normally a server in a dmz) and a logging host.
>So if you establish a p-t-p IP connection, it's easier to use an ethernet
>wire ... just to keep in mind.
>
> Randolf

I figured all the normal rules of tcp/ip applied to a ptp connection over parallel. This means that I've created a connection across my inner firewall. I suppose one solution would be to run ipfw on the logging host and allow only udp-port-514-traffic in. Of course, I might as well be using ethernet. ^_^ Parallel lines add some protection from snooping though.

Perhaps encrypted syslog is a better alternative. (I remember the pseudo-flame wars over secure syslog a few months ago. I'll go troll the archives.)

Thanks to all who replied (but don't let this email discourage you from putting in your thoughts about running syslog over serial lines.)

-Dean