Re: Is it time to block all Microsoft protocols in the core?

North American Network Operators Group

Re: Is it time to block all Microsoft protocols in the core?

From: Joe Abley
Date: Tue Jan 28 14:42:46 2003

On Monday, Jan 27, 2003, at 14:04 Asia/Katmandu, Sean Donelan wrote:

Its not just a Microsoft thing.  SYSLOG opened the network port by
default, and the user has to remember to disable it for only local
logging.

You're using mixed tense in these sentences, so I can't tell whether you think that syslog's network port is open by default on operating systems today.

On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I happen to have open right now) this is not the case, and has not been for some time. I presume, perhaps na�vely, that other operating systems have done something similar.

[...]

DESCRIPTION
syslogd reads and logs messages to the system console, log files, other
machines and/or users as specified by its configuration file.

The options are as follows:

[...]

-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.

[...]

Joe

Follow-Ups:
- Re: Is it time to block all Microsoft protocols in the core? Joe Abley
- Re: Is it time to block all Microsoft protocols in the core? David Charlap

References:
- Is it time to block all Microsoft protocols in the core? Sean Donelan

Prev by Date: RE: Banc of America Article
Next by Date: RE: What could have been done differently?
Date Index
Thread Index
Author Index
Historical