Re: Secure remote syslogging?

To: debian-security@lists.debian.org
Subject: Re: Secure remote syslogging?
From: Sven.Riedel@tu-clausthal.de
Date: Tue, 29 Apr 2003 20:35:23 +0200
Message-id: <[🔎] 20030429183523.GA16946@moog.heim1.tu-clausthal.de>
Reply-to: Sven.Riedel@tu-clausthal.de
In-reply-to: <[🔎] 20030429125451.GA1523@yosamite.tekno.house>
References: <[🔎] 3EA6ECE8.17046.1E3FFC@localhost> <[🔎] 20030429125451.GA1523@yosamite.tekno.house>

On Tue, Apr 29, 2003 at 10:54:51PM +1000, Sam Couter wrote:
> Stefan Neufeind <stefan@neufeind.net> wrote:
> > what is the best way to remotely syslog? In
> 
> Use a dedicated machine. Cut the 'transmit' pair in the CAT5 cable.
> syslog is UDP, which is only one-way, so it doesn't need to transmit.
> 
> Obviously you'll have no remote access to the syslog server, but neither
> will an attacker.

That solution seems rather harsh. Another way (without syslog, granted)
would be setting up a dedicated machine to do stealth logging. Somewhat
less intense on the hardware penetration part ;)

Regs,
Sven



-- 
Sven Riedel                      sr@gimp.org
Osteroeder Str. 6 / App. 13      sven.riedel@tu-clausthal.de
38678 Clausthal                  "Python is merely Perl for those who
                                  prefer Pascal to C" (anon)

Reply to:

References:
- Secure remote syslogging?
  - From: "Stefan Neufeind" <stefan@neufeind.net>
- Re: Secure remote syslogging?
  - From: Sam Couter <sam@couter.dropbear.id.au>

Prev by Date: Re[2]: Port forwarding wrong after days
Next by Date: mysql update for Woody?
Previous by thread: Re: [despammed] Re: Secure remote syslogging?
Next by thread: Oops. Apologies to all.
Index(es):
- Date
- Thread