Date:      Tue, 25 Aug 1998 14:45:26 -0500 (CDT)
From:      James Wyatt <jwyatt@rwsystr.RWSystems.net>
To:        Paul Hart <hart@iserver.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Scaring the bezeesus out of your system admin as a normal user: 
Message-ID:  <Pine.LNX.3.91.980825142708.2664D-100000@rwsystr.RWSystems.net>
In-Reply-To: <Pine.BSF.3.96.980824102154.5333A-100000@anchovy.orem.iserver.com>

On Mon, 24 Aug 1998, Paul Hart wrote:
> On Fri, 21 Aug 1998, Ben wrote:
> >      -s      Operate in secure mode.  Do not listen for log message from re-
> >              mote machines.
> This is kind of a related question, but in 2.2.7-RELEASE syslogd appears
> to have been modified to bind to its UDP port even if it is run with the
> -s flag.  It does discard packets received on the port (but still logs a
> message about it!), but should it not even bind to the port when running
> in secure mode?  It didn't bind to the port in previous versions, if
> memory serves.

I would like to know if my syslogd receives packets from misconfigs or
miscreants, but was thinking about using ipfw logging for it. This (IMHO,
hackish) modification seems like too much of a bending from 'average'
syslogd behaviour. 

Also: has anyone had a daemon that allowed authentication (from somewhere
not normally 'trusted' via something like s-key) and then altered ipfw's
rules to trust that site/host for a while? Like the securecard stuff where
you telnet to the router, respond to a challenge, and then it anoints you
for a count (once!) or time for telnet or ftp connect and then doesn't
trust that net/address again.

A daemon could bind to a given port, wait for a connect, perform authentication,
query what level of access, enable host access, wait for a given period,
and disable host access. The tricky part is limiting the number of
connections: ipfw doesn't seem to know connection state. If I remove the
routing rules the existing connections are dead. If I limit connects and
allow other TCP packets through, I am exposed to session hijacking. Oh
well, I was just curious if anyone else had done it, enough jabbering...

Thanks and I *really* appreciate the amount of work that's gone into ipfw.

James Wyatt (jwyatt@rwsystems.net)
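An added example, not part of the original post or of any FreeBSD code, sketching the "authenticate, then trust the host in ipfw for a while" daemon James describes. Everything in it is an assumption: the S/Key-style one-time password is a plain SHA-256 hash chain rather than the real MD4/MD5 folded scheme, the wire protocol is one hex line per connection, the rule numbers, ports and 60-second window are made up, and ipfw is driven through an injected command runner so the policy logic can be exercised on a machine without root or ipfw. The `setup`/`established` split is the standard ipfw answer to the connection-state worry in the post: the temporary rule admits only SYN segments, and a permanent `established` rule (assumed to exist in the base policy) keeps sessions alive once the hole closes.

```python
"""Authenticate-then-open-ipfw daemon sketch (added example, hypothetical)."""
import hashlib
import socketserver
import subprocess
import threading
import time


def hash_chain(seed: bytes, n: int) -> bytes:
    """H^n(seed).  Server stores H^k(seed); client presents H^(k-1)(seed);
    on success the server stores the presented value, so each one-time
    password works exactly once (the S/Key idea, SHA-256 standing in)."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OTPVerifier:
    def __init__(self, stored: bytes) -> None:
        self.stored = stored
        self._lock = threading.Lock()

    def verify(self, presented: bytes) -> bool:
        with self._lock:
            if hashlib.sha256(presented).digest() != self.stored:
                return False
            self.stored = presented        # a replay of this value now fails
            return True


class TrustWindow:
    """One ipfw rule per authenticated host, removed after `window` seconds.
    `run` takes an argv list (subprocess.run in production; a list.append
    in tests)."""
    def __init__(self, run, base_rule=1000, ports="21,23", window=60.0) -> None:
        self.run, self.base_rule, self.ports, self.window = run, base_rule, ports, window
        self.active = {}                   # rule number -> (host, expiry time)
        self._lock = threading.Lock()

    def grant(self, host: str, now: float) -> int:
        with self._lock:
            rule = self.base_rule
            while rule in self.active:     # first free rule number
                rule += 1
            # 'setup' matches only SYN segments: the hole admits new
            # connections during the window and nothing else.  Assumes the
            # base policy already has 'allow tcp from any to any established'
            # so those sessions outlive the window (that permanent rule is
            # also exactly the hijacking exposure the post worries about).
            self.run(["ipfw", "add", str(rule), "allow", "tcp", "from", host,
                      "to", "any", self.ports, "setup"])
            self.active[rule] = (host, now + self.window)
            return rule

    def expire(self, now: float) -> list:
        """Delete every rule whose window has passed; returns their numbers."""
        with self._lock:
            done = [r for r, (_, exp) in self.active.items() if exp <= now]
            for r in done:
                self.run(["ipfw", "delete", str(r)])
                del self.active[r]
            return done


def gate(peer: str, presented_hex: str, verifier: OTPVerifier,
         trust: TrustWindow, now: float):
    """Handle one connection: returns (accepted, rule number or None)."""
    try:
        presented = bytes.fromhex(presented_hex.strip())
    except ValueError:
        return False, None
    if not verifier.verify(presented):
        return False, None
    return True, trust.grant(peer, now)


class KnockHandler(socketserver.StreamRequestHandler):
    def handle(self) -> None:
        line = self.rfile.readline().decode("ascii", "replace")
        ok, rule = gate(self.client_address[0], line,
                        self.server.verifier, self.server.trust, time.time())
        self.wfile.write(b"OK rule %d\n" % rule if ok else b"DENY\n")


if __name__ == "__main__":
    # Real run (needs root and ipfw): a chain of 100 passwords, port 2222,
    # and a sweeper thread that closes expired holes once a second.
    seed = b"constructed demo seed"        # would come from an skeyinit-style setup
    srv = socketserver.ThreadingTCPServer(("0.0.0.0", 2222), KnockHandler)
    srv.verifier = OTPVerifier(hash_chain(seed, 100))
    srv.trust = TrustWindow(lambda argv: subprocess.run(argv, check=True))

    def sweep():
        while True:
            time.sleep(1)
            srv.trust.expire(time.time())

    threading.Thread(target=sweep, daemon=True).start()
    srv.serve_forever()
```

The client keeps the seed and a counter and sends `hash_chain(seed, k-1).hex()` followed by a newline; nothing secret crosses the wire, and a captured value is useless afterwards because the server has already advanced the chain. Per-host access levels, as the post suggests, would be a second field in `active` selecting a different port list.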




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.980825142708.2664D-100000>