><snip>
>...users who have shut down VNC get a personal encounter with
>some "sucker rod" [1].
>
>[1] - See the syslogd(8) man page on most Linux systems.
>
></snip>
>
>The cygwin man page for syslogd has no reference for "sucker rod".  Can you
>briefly summarize the reference <grumble> all MS machines at work </grumble>

bash$ man syslogd

[...]

SECURITY THREATS
       There is the potential for the syslogd daemon to be used as a
       conduit for a denial of service attack.  Thanks go to John Morrison
       ([EMAIL PROTECTED]) for alerting me to this potential.  A rogue
       program(mer) could very easily flood the syslogd daemon with syslog
       messages resulting in the log files consuming all the remaining
       space on the filesystem.  Activating logging over the inet domain
       sockets will of course expose a system to risks outside of programs
       or individuals on the local machine.

       There are a number of methods of protecting a machine:

       1.     Implement kernel firewalling to limit which hosts or networks
              have access to the 514/UDP socket.

       2.     Logging can be directed to an isolated or non-root filesystem
              which, if filled, will not impair the machine.

       3.     The ext2 filesystem can be used which can be configured to
              limit a certain percentage of a filesystem to usage by root
              only.  NOTE that this will require syslogd to be run as a
              non-root process.  ALSO NOTE that this will prevent usage of
              remote logging since syslogd will be unable to bind to the
              514/UDP socket.

       4.     Disabling inet domain sockets will limit risk to the local
              machine.

       5.     Use step 4 and if the problem persists and is not secondary
              to a rogue program/daemon get a 3.5 ft (approx. 1 meter)
              length of sucker rod* and have a chat with the user in
              question.

              Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male
              threaded on each end.  Primary use in the oil industry in
              Western North Dakota and other locations to pump 'suck' oil
              from oil wells.  Secondary uses are for the construction of
              cattle feed lots and for dealing with the occasional
              recalcitrant or belligerent individual.


--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     [EMAIL PROTECTED]  (not for attachments)
big-mail: [EMAIL PROTECTED]
uni-mail: [EMAIL PROTECTED]

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/

-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a20 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE-
Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*)
-----END GEEK CODE BLOCK-----
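
An added example, not part of the original message or of the syslogd man page: a shell audit of a Linux host against methods 1, 2 and 4 in the excerpt above. The function names, the LOG_DIR variable and the sample table are constructed for illustration, and the loopback patterns assume a little-endian host.

```shell
#!/bin/sh
# Added example: audit a Linux host against methods 1, 2 and 4 quoted above.
# Function names, LOG_DIR and SAMPLE_UDP are assumptions made for this sketch.

# Constructed sample in /proc/net/udp layout (not captured from a real host):
# a wildcard socket on port 514 (hex 0202) and a loopback socket on port 53.
SAMPLE_UDP='  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0202 00000000:0000 07 00000000:00000000
   1: 0100007F:0035 00000000:0000 07 00000000:00000000'

# Read /proc/net/udp-format text on stdin; print the hex local address of each
# socket bound to port 514. Exit status 0 only if at least one was found.
syslog_udp_listeners() {
    awk 'NR > 1 { n = split($2, a, ":")
                  if (toupper(a[n]) == "0202") { print a[1]; found = 1 } }
         END { exit (found ? 0 : 1) }'
}

# Classify stdin as "none" (method 4 in effect), "loopback", or "network"
# (bound beyond loopback, so the method 1 packet filter is what limits senders).
# Loopback patterns assume a little-endian host: 127.0.0.1 and ::1.
syslog_udp_exposure() {
    addrs=$(syslog_udp_listeners) || { echo none; return 0; }
    for addr in $addrs; do
        case $addr in
            0100007F|00000000000000000000000001000000) ;;
            *) echo network; return 0 ;;
        esac
    done
    echo loopback
}

# Method 2: succeed if both paths sit on the same mounted filesystem, i.e.
# filling the second path would also fill the first.
same_filesystem() {
    m1=$(df -P "$1" | awk 'NR == 2 { print $NF }')
    m2=$(df -P "$2" | awk 'NR == 2 { print $NF }')
    [ -n "$m1" ] && [ "$m1" = "$m2" ]
}

echo "sample table: $(printf '%s\n' "$SAMPLE_UDP" | syslog_udp_exposure)"
if [ -r /proc/net/udp ]; then
    echo "this host: $(cat /proc/net/udp /proc/net/udp6 2>/dev/null | syslog_udp_exposure)"
fi
if same_filesystem / "${LOG_DIR:-/var/log}" 2>/dev/null; then
    echo "WARNING: log directory shares a filesystem with /"
fi
```

A result of "network" means the 514/UDP socket is bound beyond loopback, so only the packet filter from method 1 limits who can send to it.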