On Wed, 20 Oct 1999, Darren Reed wrote:
> If DoS attacks are a concern, the port number is irrelevant. The problem
> here with a port > 1024 is when it is running on a multi-user system that
> `students' (in this case) can log on to and run something else instead.
>
Hmmm, what could be a better DoS attack than this?
> In my mind, the protocol should not require every syslog client to listen
> on such a port any more than every web browser listens on port 80. In a
> previous email, the idea of the syslog server talking to others and
> requesting syslog information would work better with a port number under
> 1024.
>
To be honest, I don't get your point here.
> Hmmm. Should a new syslog protocol restrict itself to one mode of
> operation (client->server) or include two (the other being
> server->client) ? They both appear to have advantages in different
> contexts, for security/configuration. Should both be pursued even ?
>
> Darren
>
Volker
