Is it time to block all Microsoft protocols in the core?
Joe Abley
jabley at isc.org
Tue Jan 28 19:40:09 UTC 2003
On Monday, Jan 27, 2003, at 14:04 Asia/Katmandu, Sean Donelan wrote:
> Its not just a Microsoft thing. SYSLOG opened the network port by
> default, and the user has to remember to disable it for only local
> logging.
You're using mixed tense in these sentences, so I can't tell whether
you think that syslog's network port is open by default on operating
systems today.
On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I
happen to have open right now) this is not the case, and has not been
for some time. I presume, perhaps naïvely, that other operating systems
have done something similar.
>> [...]
>>
>> DESCRIPTION
>> syslogd reads and logs messages to the system console, log
>> files, other
>> machines and/or users as specified by its configuration file.
>>
>> The options are as follows:
>>
>> [...]
>>
>> -u Select the historical ``insecure'' mode, in which
>> syslogd will
>> accept input from the UDP port. Some software wants
>> this, but
>> you can be subjected to a variety of attacks over the
>> network,
>> including attackers remotely filling logs.
>>
>> [...]
Joe
More information about the NANOG
mailing list