On Fri, Aug 05, 2005 at 12:58:04PM +0200, mdff wrote:
> <snip>....blah blah...<snap>
> he'd better do man syslogd... but assume this:
> - no pf for udp/514.
> - a DOS or DDOS to this OPEN port.

To DOS or DDOS a udp port it does not need to be open.

> - syslogd running just in "send mode".
> - and finally: no remote syslogging configured because of only 1 box here.
>
> will it take more resources to handle this with an open port
> compared to a closed one or not? i guess yes. and for security,
> i guess a closed port is still better, than an application reading
> all packets and discarding them...

The additional resource usage of this additional port is not measurable
and a socket that was shutdown(fd, SHUT_RD); is mostly a closed port
(in the read direction). syslogd does not read all packets and discard
them, the kernel discards them.

-- 
:wq Claudio
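The "send mode" socket the reply describes, as an added example in C that is not from this thread and not syslogd's own code: a UDP socket is bound, its read direction is closed with shutdown(fd, SHUT_RD), and it is then still used for sendto(). The function names are hypothetical and all traffic stays on loopback with kernel-chosen ports. One assumption is spelled out in the comments: OpenBSD accepts shutdown() on a UDP socket, while Linux reports ENOTCONN for an unconnected UDP socket yet still records the shutdown, so that error is tolerated.

```c
/* Added example, not code from the thread or from syslogd: a "send-only"
 * UDP socket built the way the reply describes (bind, then
 * shutdown(fd, SHUT_RD)) plus a check that it can still send. Function
 * names are hypothetical; addresses are loopback with kernel-chosen ports. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1 on a port the kernel picks. */
static int bind_loopback(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sin;

    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = 0;                       /* let the kernel choose */
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* The pattern from the reply: keep the socket for sendto() but close its
 * read direction. OpenBSD accepts shutdown() on a UDP socket; Linux returns
 * ENOTCONN for an unconnected UDP socket while still recording the
 * shutdown (assumption stated in the lead-in), so that error is tolerated. */
int open_send_only_udp(void)
{
    int fd = bind_loopback();

    if (fd < 0)
        return -1;
    if (shutdown(fd, SHUT_RD) < 0 && errno != ENOTCONN) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Send one datagram from a send-only socket to an ordinary receiver on
 * loopback. Returns 1 if it arrived intact, 0 if nothing arrived within a
 * second, -1 on a setup error. */
int send_only_still_sends(void)
{
    int tx = open_send_only_udp();
    int rx = bind_loopback();
    struct sockaddr_in dst;
    socklen_t dlen = sizeof(dst);
    struct pollfd pfd;
    char buf[64];
    const char msg[] = "<13>constructed syslog line";   /* constructed input */
    size_t mlen = sizeof(msg) - 1;
    int rc = -1;

    if (tx < 0 || rx < 0)
        goto out;
    if (getsockname(rx, (struct sockaddr *)&dst, &dlen) < 0)
        goto out;
    if (sendto(tx, msg, mlen, 0, (struct sockaddr *)&dst, dlen) != (ssize_t)mlen)
        goto out;
    pfd.fd = rx;
    pfd.events = POLLIN;
    if (poll(&pfd, 1, 1000) <= 0) {
        rc = 0;
        goto out;
    }
    rc = recv(rx, buf, sizeof(buf), 0) == (ssize_t)mlen &&
         memcmp(buf, msg, mlen) == 0;
out:
    if (tx >= 0)
        close(tx);
    if (rx >= 0)
        close(rx);
    return rc;
}

int main(void)
{
    printf("send-only socket delivered its datagram: %s\n",
           send_only_still_sends() == 1 ? "yes" : "no");
    return 0;
}
```

What the example verifies is the half the reply takes for granted: after SHUT_RD the socket is still a working sender. What happens to datagrams arriving at that port is the part the reply attributes to the kernel, and it is kernel-specific, which is why nothing here asserts on it.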