I see that at times it is recommended to set remoted.verify_msg_id to 0 in the internal_options.conf or local_internal_options.conf file of the OSSEC server and/or agent, like when you are deploying HA or otherwise having trouble with rids getting out of sync between agents and server. Besides losing protection from an attacker replaying agent messages in an attempt to DoS my server, are there any other downsides to taking this action? Are there other common benign causes of OSSEC agent message re-transmissions that this anti-replay feature is also intended to protect me from?
Kevin -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
