[2820] in bugtraq
Re: Write-only devices (Was read only devices)
daemon@ATHENA.MIT.EDU (Matthew Cable/USA.NET Inc.)
Wed Jun 26 15:13:09 1996
Date: Wed, 26 Jun 1996 12:06:57 -0600
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Matthew Cable/USA.NET Inc." <mec@usa.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.960625225823.6321A-100000@reptile.rug.ac.be>
On Tue, 25 Jun 1996, DevilBunny wrote:
>
> Sending unencrypted logs over a public network, what a great idea. Some
> of my logs actually contain passwds for failed logins and ppp connections.
>

if your logs contain passwords you should be shot....

> besides, with udp and listen only, there is no way *you* know the message
> has been received intact and or if it has been able to be written to disk
> in time

# snoop host ticky-tacky and host earth
Using device /dev/le (promiscuous mode)
ticky-tacky -> earth SYSLOG C port=43395 <37>Jun 26 11:57:54
ticky-tacky -> earth SYSLOG C port=43395 <37>Jun 26 11:58:12

look at that.....there is no response anyhow....and I didn't clip my
transmit wire.

you NEVER know if syslog messages get to where they're going

a log 'dropbox' is a good idea, but you might miss something. This is
why you back it up with local logs for important info. Send everything
to the 'dropbox' machine, but stuff like kernel errors/etc that might not
make it to the machine if there's a problem should also be stored locally
on each machine.

#!/usr/bin/perl -- Matthew Cable -- USA.NET -- Senior System Administrator
$fof='8a*)v2*^Gf#*5S="!jh!;F)]#T):)#&f5kR^(%!E<F#Pf)@2farf&*#ahgu)%C:V5R';
print;$arf=eval{$foo="t1!A53%%1!RBF13!\@$%r/R!$7A39\@aB-z^*#\\)BAS/13/4d";
eval{print;};$foo=~tr/A-Z0-9%$!@!//d;$foo;};$tmp="\$fof=~$arf;";eval $tmp;
eval;eval;eval;$\=unpack(u35,$fof)."\n";print #;)>#;0>#:|#8)#;P#80#:o#;)#;
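
Added example, not part of the original post: a sketch of the arrangement the message recommends, where every event is sent to the log 'dropbox' over UDP and kernel or error-level events are also written locally. The function names, the severity threshold, and the loopback address and port 5514 are assumptions made for illustration; the <37> priority is the one visible in the snoop output above.

```python
import os
import socket
import tempfile

KERN = 0  # syslog facility number for kernel messages
ERR = 3   # syslog severity "err"; lower numbers are more severe


def decode_pri(pri):
    """Split a syslog <PRI> value: PRI = facility * 8 + severity."""
    return pri >> 3, pri & 7


def send_udp(frame, addr):
    """Fire-and-forget send. The return value is the number of bytes handed
    to the local stack, never proof that the dropbox received anything."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(frame, addr)
    except OSError:
        return None  # local send failure; the caller still has the local copy


def log_event(pri, text, local_path, dropbox):
    """Write important events locally first, then forward everything."""
    facility, severity = decode_pri(pri)
    frame = f"<{pri}>{text}".encode()
    keep_local = facility == KERN or severity <= ERR  # assumed policy
    if keep_local:
        with open(local_path, "a") as f:
            f.write(frame.decode() + "\n")
    return keep_local, send_udp(frame, dropbox)


if __name__ == "__main__":
    dropbox = ("127.0.0.1", 5514)  # constructed address, nothing listening
    path = os.path.join(tempfile.mkdtemp(), "local.log")
    print(decode_pri(37))  # facility 4 (auth), severity 5 (notice)
    print(log_event(37, "login failed", path, dropbox))
    print(log_event(3, "kernel: disk error", path, dropbox))
    with open(path) as f:
        print(f.read(), end="")
```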