Date:      Fri, 12 Apr 1996 08:54:46 -0700
From:      Paul Traina <pst@shockwave.com>
To:        Poul-Henning Kamp <phk@critter.tfs.com>
Cc:        current@FreeBSD.org
Subject:   Re: log_in_vain stuff 
Message-ID:  <199604121554.IAA14067@precipice.shockwave.com>
In-Reply-To: Your message of "Tue, 09 Apr 1996 21:05:34 -0000." <9391.829083934@critter.tfs.com> 


  From: Poul-Henning Kamp <phk@critter.tfs.com>
  Subject: Re: log_in_vain stuff 
  > Poul,
  > Sorry to unilaterally change your defaults on you,  but you just created
  > a security problem with the log in vain stuff.
  
  I have been out of town for a couple of days, it's OK.
  
  > You need to figure out a way to rate-limit these messages, otherwise you
  > can trivially knock a box into the ground with a packet generator.
  syslogd should rate-limit, not the kernel.

1. syslogd is not smart enough to rate limit if you scatter the ports
2. ratelimiting there only slows down filling up your logs, what about
   the CPU?
  
  The reason I left them on as default was mostly that I wanted to see
  if we had any bogons lurking (just like I did with phkmalloc initially).

  I think that they should be off by default, or possibly on, but go off
  after 10 messages, unless explicitly set "ON!"

That sounds way too complicated.  I think you should just leave them off,
turn them on for debugging, and if you want them on, they do need internal
rate limiting in the kernel (a simple check should be sufficient).

Paul
  
  --
  Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
  http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
  whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
  Future will arrive by its own means, progress not so.
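
The "simple check" in the kernel suggested above could look like the following fixed-window limiter, run here against a flood spread over many ports. This is an added example, not part of the original e-mail or FreeBSD's code; the names `liv_rl`, `liv_should_log` and `liv_simulate`, the one-second window and the budget are assumptions.

```c
#include <stdio.h>
/* Hypothetical limiter state; names are illustrative, not FreeBSD symbols. */
struct liv_rl {
    long window_start;  /* second in which the current window began */
    int  logged;        /* messages emitted in this window */
    int  suppressed;    /* messages dropped in this window */
    int  max_per_sec;   /* log budget per one-second window (assumed) */
};

/*
 * Return 1 if a closed-port message may be logged at now_sec, else 0.
 * The budget is global: port is deliberately not part of the key, so
 * scattering ports does not bypass it. On a new window *carry gets the
 * previous window's suppressed count (for one summary line), else 0.
 */
int liv_should_log(struct liv_rl *rl, unsigned port, long now_sec, int *carry)
{
    (void)port;
    *carry = 0;
    if (now_sec != rl->window_start) {
        *carry = rl->suppressed;
        rl->window_start = now_sec;
        rl->logged = rl->suppressed = 0;
    }
    if (rl->logged < rl->max_per_sec) {
        rl->logged++;
        return 1;
    }
    rl->suppressed++;
    return 0;
}

/* Constructed input: pps packets per second for secs seconds, one port each. */
int liv_simulate(int pps, int secs, int max_per_sec)
{
    struct liv_rl rl = { -1, 0, 0, max_per_sec };
    int emitted = 0, carry;
    unsigned port = 1;
    for (long t = 0; t < secs; t++)
        for (int i = 0; i < pps; i++, port = port % 65535 + 1)
            if (liv_should_log(&rl, port, t, &carry))
                emitted++;  /* the kernel would call log() here */
    return emitted;
}

int main(void)
{
    printf("logged %d of 30000\n", liv_simulate(10000, 3, 5));
}
```

The per-packet cost is one comparison and one increment, which addresses the CPU concern as well as the log volume.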


