Re: [IMail Forum] SYSLOG Server - Backdoor/DOS Target?

[Mike K]

Concerning DoS's, just filter the log port at your border router. This should actually be part of your standard list of blocks.   I don't see any Imail filtering options. In Imail admin the general tab lists the log server ip address. Mine is 127.0.0.1 Looks like Imail could log to another server.   I actually stumbled across it when my DNS/log server died and need NT reinstalled. In the pinch I moved the failed DNS/Log Ip address to my Imail server along with DNS service and saw all the NAS log server info dumping into the LOGMMDD.txt files.   The log server is actually nice in the fact that each day starts a new log, just like Imail's SYSMMDD.txt files.   My old log server created one BIG file. Had to be stopped and deleted periodically.   Mike     ----- Original Message ----- From: Len Conrad To: [EMAIL PROTECTED] Sent: Thursday, November 16, 2000 6:02 PM Subject: Re: [IMail Forum] SYSLOG Server - Backdoor/DOS Target? Yes, Imail does function as a syslog. Using for my nas's. ok, fine, that's confirmed, thanks So is the fear justifie that syslog a DoS vulnerability for any cracker who just starts hosing down an Imail server with bogus syslog data?  Is there any way to access-control the Imail syslog server? to turn it off? Have you ever tried the other way, having imail be a syslog client to a remote server? thanks, Mike Len http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K http://IMGate.MEIway.com:  Build free, hi-perf, anti-spam mail gateways