Hmmm, this means that running tcplogd is a security hazard...
Thanks,
Onno
At 01:25 AM 11/13/99 +0100, Engard Ferenc wrote:
On Fri, 12 Nov 1999, Onno wrote:
>At 09:37 PM 11/11/99 +0100, Ralf Nyren wrote:
>>In package iplogger there is a daemon, tcplogd, which logs incoming
>>tcp-connection attempts to syslog.
>> It seems that this daemon forks a child for every connection
discovered and
>>if for example the machine running tcplogd is syn-flooded there will be a
>>lot of tcplogd's forked.
>Do you mean that you didn't -compile- it in the kernel???
>(I'm not sure there is an option or not....)
>Or that you didn't enable it (root# sysctl -w net/ipv4/tcp_syncookies=1) ???
You don't need to get a synflood, anyway. I suspect that even one or
two portscan in a short time will be enough. (I think that that was
the problem with our machine, when it ran 20x tcplogd, and there was
a 74 load average...) :(
Bye:
Circum
__ @
/ \ _ _ Engárd Ferenc
l | ( \ / | | (\/) mailto:[EMAIL PROTECTED]
\__/ | | \_ \_/ I I http://pons.sote.hu/~s-fery
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
