[Dshield] Re: syslog

Bruce Lilly blilly at erols.com
Mon Mar 4 17:32:34 GMT 2002


> Subject: Re: [Dshield] New Client: TinyFirewall / Syslog
> Date: Sun, 3 Mar 2002 13:33:50 -0500 (EST)
> From: "Johannes B. Ullrich" <jullrich at sans.org>

> Syslog is a very problematic protocol and is not intended for use
> in the "wild". Syslog sends simple UDP messages that can be spoofed
> and hijacked along the way. Some people describe syslog as an
> un-authenticated disk filler.
> 
> If you have to send syslog messages across the internet, you should use
> some kind of encrypted channel.

See RFC 3195 w.r.t. both issues. There is a TCP version of syslog (port 601).
3195 also provides for authentication via BEEP (RFC 3080).
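
A receiver-side sanity check for the UDP weaknesses raised in this thread, as an added example that is not part of the original post: it parses RFC 3164 lines and filters them by source address, claimed hostname and a per-source byte budget. The addresses, hostnames, budget and function names are constructed for illustration, and because a UDP source address is forgeable this is triage, not authentication.

```python
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
MAX_LEN = 1024  # RFC 3164 caps a syslog packet at 1024 bytes


def parse_rfc3164(payload):
    """Return (facility, severity, hostname, message) or None if malformed."""
    m = RFC3164.match(payload)
    if m is None or int(m.group(1)) > 191:  # highest valid PRI is 23*8+7
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(3).decode("ascii", "replace"), m.group(4)


def triage(datagrams, expected_hosts, byte_budget=4096):
    """Classify (source_ip, payload) pairs as received by a UDP listener.

    expected_hosts (hypothetical config) maps an allowed source address to
    the hostname that sender should claim. These are sanity filters only.
    """
    spent, verdicts = {}, []
    for src, payload in datagrams:
        spent[src] = spent.get(src, 0) + len(payload)
        parsed = parse_rfc3164(payload) if len(payload) <= MAX_LEN else None
        if src not in expected_hosts:
            verdicts.append("drop: unknown source")
        elif spent[src] > byte_budget:
            verdicts.append("drop: over byte budget")  # the "disk filler" case
        elif parsed is None:
            verdicts.append("drop: malformed")
        elif parsed[2] != expected_hosts[src]:
            verdicts.append("flag: hostname mismatch")
        else:
            verdicts.append("accept")
    return verdicts


# Constructed sample traffic (documentation addresses, made-up hostnames).
EXPECTED = {"192.0.2.10": "fw1", "192.0.2.11": "fw2"}
SAMPLE = [
    ("192.0.2.10", b"<134>Mar  4 17:32:34 fw1 kernel: DROP IN=eth0 PROTO=TCP"),
    ("192.0.2.11", b"<134>Mar  4 17:32:35 fw1 kernel: DROP IN=eth0 PROTO=UDP"),
    ("203.0.113.7", b"<134>Mar  4 17:32:36 fw1 kernel: ACCEPT IN=eth0"),
    ("192.0.2.10", b"not a syslog line"),
    ("192.0.2.11", b"<13>Mar  4 17:32:37 fw2 pad: " + b"A" * 5000),
]
```

Calling `triage(SAMPLE, EXPECTED)` returns one verdict per datagram, in order.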



