Regarding the chained MACs I've suggested, Darren Reed <[EMAIL PROTECTED]> wrote:

> How do you deal with lost messages (which are H0 for the next message)?

The gap in the stream is detected, but not recoverable, of course. A gap might be distinguished from an isolated bogus message if the stream is consistent beyond the gap.

An attacker can physically disconnect and replace the device entirely and substitute his own syslog source, of course, but I think some physical security must be assumed.

This is not going to solve all or perhaps even many security problems but it's an enhancement that can go immediately into embedded devices logging to the existing syslogd.

Alex
Re: Living with today's syslog (sorry for garbled prior msg...)
by way of "Chris M. Lonvick" <[EMAIL PROTECTED]> Mon, 10 Apr 2000 10:19:16 -0700
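
The gap-versus-bogus distinction discussed in the message above, as an added example that is not part of the original post or of any syslog implementation. It assumes each message carries its own MAC, computed as HMAC-SHA256 over the previous message's MAC (the "H0") followed by the message text; the key, the initial H0, the sample messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by device and verifier
H0_INIT = b"\x00" * 32         # assumption: agreed initial chain value
SAMPLE = [b"link up", b"login ok", b"config saved", b"fan fail", b"reboot"]  # constructed

def tag(h0: bytes, msg: bytes) -> bytes:
    """MAC over the previous MAC (H0) followed by this message."""
    return hmac.new(KEY, h0 + msg, hashlib.sha256).digest()

def make_stream(msgs):
    """Sender side: return [(msg, mac)], each MAC chained to the previous one."""
    out, h0 = [], H0_INIT
    for m in msgs:
        h0 = tag(h0, m)
        out.append((m, h0))
    return out

def classify(received):
    """Verifier side: label each received (msg, mac) pair.
    'ok'      - MAC verifies against the current chain value
    'gap'     - fails, but the next message chains from this one's MAC, so
                something before it was lost; its own text is NOT authenticated
    'bogus'   - fails, and the next message does not chain from it
    'unknown' - fails and no later message exists to decide with
    """
    labels, h0 = [], H0_INIT
    for i, (msg, mac) in enumerate(received):
        if hmac.compare_digest(tag(h0, msg), mac):
            labels.append("ok")
            h0 = mac
        elif i + 1 == len(received):
            labels.append("unknown")
        elif hmac.compare_digest(tag(mac, received[i + 1][0]), received[i + 1][1]):
            labels.append("gap")
            h0 = mac  # resynchronise: the stream is consistent beyond the gap
        else:
            labels.append("bogus")  # keep h0 so the chain skips this message
    return labels

if __name__ == "__main__":
    stream = make_stream(SAMPLE)
    print(classify(stream[:2] + stream[3:]))  # third message lost in transit
    print(classify(stream[:2] + [(b"forged", b"\x11" * 32)] + stream[2:]))
```

The first message received after a gap cannot be verified itself; only its MAC is confirmed, by the message that follows it.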
