[55401] in North American Network Operators' Group
Re: Is it time to block all Microsoft protocols in the core?
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Jan 28 14:40:53 2003
Date: Wed, 29 Jan 2003 01:25:09 +0545
Cc: nanog@merit.edu
To: Sean Donelan <sean@donelan.com>
From: Joe Abley <jabley@isc.org>
In-Reply-To: <Pine.GSO.4.44.0301270247250.18344-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Monday, Jan 27, 2003, at 14:04 Asia/Katmandu, Sean Donelan wrote:
> Its not just a Microsoft thing. SYSLOG opened the network port by
> default, and the user has to remember to disable it for only local
> logging.
You're using mixed tense in these sentences, so I can't tell whether=20
you think that syslog's network port is open by default on operating=20
systems today.
On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I=20
happen to have open right now) this is not the case, and has not been=20
for some time. I presume, perhaps na=EFvely, that other operating =
systems=20
have done something similar.
>> [...]
>>
>> DESCRIPTION
>> syslogd reads and logs messages to the system console, log=20
>> files, other
>> machines and/or users as specified by its configuration file.
>>
>> The options are as follows:
>>
>> [...]
>>
>> -u Select the historical ``insecure'' mode, in which=20
>> syslogd will
>> accept input from the UDP port. Some software wants=20
>> this, but
>> you can be subjected to a variety of attacks over the=20
>> network,
>> including attackers remotely filling logs.
>>
>> [...]
Joe
