At 17:21 23.11.99 -0500, Shafik Yaghmour wrote:
> So if you have a high system load it is okay to have some of the
>syslog messages lost? Hmm, I dunno, IMHO it is never okay, I mean why
>should you open up the opportunity at all. You know, security based on
>something being "not so prone to failure" doesn't exactly make me feel
>warm and cozy.
For the connection of syslogd there seems to be two solutions:
* datagram sockets / connection less:
- messages could get lost on transport
+ no resource exhaustion possible,
malicious client can't bring service down
* stream sockets / connection based:
+ no messages could get lost on transport
- resource exhaustion possible,
malicious client can bring service down
Both solutions have advantages and disadvantages.
By
Goetz
--
Goetz Babin-Ebell mailto:[EMAIL PROTECTED]
TC Trust Center for Security http://www.trustcenter.de
in Data Networks GmbH Tel.: +49-40-80 80 26-0
Sonninstr. 24-28 / 20097 Hamburg / Germany Fax.: +49-40-80 80 26-126
