Date:      Thu, 17 Feb 2005 21:13:11 +0100
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Gleb Smirnoff <glebius@freebsd.org>
Cc:        current@freebsd.org
Subject:   Re: changing debuglevel of kernel messaging going to console
Message-ID:  <20050217201311.GN82324@obiwan.tataz.chchile.org>
In-Reply-To: <20050217135609.GA97455@cell.sick.ru>
References:  <20050217135609.GA97455@cell.sick.ru>

Hi Gleb,

> now all kernel messages are printed to system console by default:
> 
> *.err;kern.debug;auth.notice;mail.crit          /dev/console
> 
> There is a problem that in case of a serial console, this printing
> is very slow and heavily pessimizes box performance when kernel
> messages are printed at high speed. Moreover, several kernel messages
> with LOG_DEBUG severity can be triggered remotely, for example by
> sending bogus ARP replies. So, sending bogus ARP packets to a
> FreeBSD box with a serial console may lead to DoS-like conditions.

I don't want to be picky, you are right.  I encountered this behaviour
while working on a Linux firewall which was printing all of NetFilter's logs
on the console (which in turn was a serial link).  I wondered for a
few days why the hell an nmap scan from a DSL connection would end
up with a ping of 20 seconds and 100% CPU usage, whereas my tests
through a 100 Mbit link left it emotionless.

But, although it is possible to trigger kernel messages remotely by sending
fake ARP packets, I really do not want my FreeBSD box to be
silent by default when I am ARP spoofed.  Furthermore, once the attacker
has local network access, there are numerous ways to DoS
the service the server provides anyway.

Best regards,
-- 
Jeremie Le Hen
jeremie at le-hen dot org
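The syslog.conf selector quoted above (`*.err;kern.debug;auth.notice;mail.crit /dev/console`) is what routes every kernel message, down to LOG_DEBUG, onto the (possibly serial) console. The following is an added example, not code from this thread or from FreeBSD: a small checker that parses the selector field the way syslogd's cfline() does (within one line the last selector matching a facility wins, across lines the deliveries are unioned) and reports whether kernel debug messages would reach `/dev/console`. The hardened variant it checks is an assumption of the example, not a change the thread proposes: it keeps the full `kern.debug` stream in `/var/log/messages`, so the box does not go silent, while the console only receives `kern.warning` and worse.

```python
"""Check whether a BSD-style syslog.conf sends LOG_DEBUG kernel messages to the console.

Added example; the sample configurations below are constructed for illustration.
Simplified model of syslog.conf(5): 'fac.level' means level and everything more
severe, 'fac.=level' means exactly that level, 'fac.none' drops the facility.
The '<', '>' and '!' comparison flags, '!prog' and '+host' blocks are not modelled.
"""
import re

# Severities from most to least severe; index order matches syslog priorities.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the default quoted in the thread. kern.debug means debug and
# above, i.e. every kernel message, so it all ends up on the console.
DEFAULT_CONF = """\
*.err;kern.debug;auth.notice;mail.crit\t\t/dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
"""

# Constructed hardened variant (an assumption of this example): only kernel
# warnings and worse reach the console; the debug stream still goes to the file.
HARDENED_CONF = """\
*.err;kern.warning;auth.notice;mail.crit\t\t/dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
"""


def parse_rules(text):
    """Return [(selectors, action), ...] for each '<selectors> <action>' line.

    selectors is a list of (facility, level) tuples; 'a,b.level' expands to one
    tuple per facility. Comments and lines without an action are skipped.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\S+)\s+(\S+)$", line)
        if not m:
            continue
        selector_field, action = m.groups()
        selectors = []
        for sel in selector_field.split(";"):
            if "." not in sel:
                continue
            facilities, level = sel.rsplit(".", 1)
            for fac in facilities.split(","):
                selectors.append((fac, level))
        rules.append((selectors, action))
    return rules


def levels_delivered(rules, facility, action):
    """Return the set of severity names of `facility` messages written to `action`."""
    delivered = set()
    for selectors, act in rules:
        if act != action:
            continue
        # Within one line the last selector naming the facility (or '*') wins,
        # as syslogd's cfline() overwrites the per-facility priority mask.
        threshold = None
        for fac, level in selectors:
            if fac in ("*", facility):
                threshold = level
        if threshold is None or threshold == "none":
            continue
        if threshold.startswith("="):
            delivered.add(threshold[1:])
        elif threshold == "*":
            delivered.update(LEVELS)
        else:
            delivered.update(LEVELS[: LEVELS.index(threshold) + 1])
    return delivered


def kern_debug_on_console(text):
    """True when LOG_DEBUG kernel messages would be printed on /dev/console."""
    return "debug" in levels_delivered(parse_rules(text), "kern", "/dev/console")


def report(text):
    """Human-readable summary of where kernel messages of each severity go."""
    rules = parse_rules(text)
    lines = []
    for action in sorted({act for _, act in rules}):
        lvls = [l for l in LEVELS if l in levels_delivered(rules, "kern", action)]
        lines.append(f"{action}: kern {', '.join(lvls) or '(nothing)'}")
    flag = "kernel debug messages DO reach the console" if kern_debug_on_console(text) \
        else "kernel debug messages stay off the console"
    lines.append(flag)
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- default ---")
    print(report(DEFAULT_CONF))
    print("--- hardened ---")
    print(report(HARDENED_CONF))
```

Running it against a live `/etc/syslog.conf` is a matter of `kern_debug_on_console(open("/etc/syslog.conf").read())`; because selectors are modelled per line, a later `kern.none` on the console line would correctly suppress the finding, and a `kern.=debug` would correctly trigger it.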