In some email I received from Volker Wiegand, sie wrote:
>
> On Wed, 20 Oct 1999, Darren Reed wrote:
>
> > In some email I received from Volker Wiegand, sie wrote:
> > [...]
> > > Hmmm, I still would prefer a "well known port". And please one below 1024
> > > because this is more of a system than a user service. Ephemeral ports may
> > > invite DoS attacks.
> >
> > Of course.
> >
> > Is it appropriate to approach the IANA for a port number below 1024 to be
> > allocated before we have a protocol documented ?
> >
> No, of course not. My posting was merely a reply to the 10514 port and "it
> does not matter" posting I was quoting.

If DoS attacks are a concern, the port number is irrelevant. The problem
here with a port > 1024 is when it is running on a multi-user system that
`students' (in this case) can log on to and run something else instead.

In my mind, the protocol should not require every syslog client to listen
on such a port any more than every web browser listens on port 80. In a
previous email, the idea of the syslog server talking to others and
requesting syslog information would work better with a port number under
1024.

Hmmm. Should a new syslog protocol restrict itself to one mode of
operation (client->server) or include two (the other being
server->client) ? They both appear to have advantages in different
contexts, for security/configuration. Should both be pursued even ?

Darren