Bugtraq mailing list archives
Re: flash
From: dsiebert () icaen uiowa edu (Doug Siebert)
Date: Sat, 20 Aug 1994 15:50:02 -0500
and there's already programs written for spoofing syslogd messages so it appears the message came from anywhere from anyone with any type of garbage.
Darren Reed <avalon () coombs anu edu au> replies with:
host# cat > bind.c <<_EOF_
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>

int bind(fd, sk, sl)
int fd, sl;
struct sockaddr_in *sk;
{
        if (sk->sin_family == AF_INET)
                sk->sin_addr.s_addr = 0x7f000001;
        return syscall(SYS_bind, fd, sk, sl);
}
_EOF_
host# cc -O -pic bind.c
host# ld -assert pure-text bind.o -ldl
host# mv a.out libbind.o
host# setenv LD_PRELOAD libbind.o
host# syslogd
host# unsetenv LD_PRELOAD
That should cover it, no ?
Restricts syslogd to the local machine, but that is the desired effect in the short term with no form of authentication, etc being in the protocol.
Either that or get a freeware syslogd from netbsd or whoever, hack and compile that. Still is a problem if you like using "loghost". Any more ideas on solving that in the short term ?
darren

p.s. I wrote that just now to give ppl an idea for a solution, if it actually works, it's a bonus :)
I'm not sure if this is true on all systems, but I know on HP-UX if you comment out the "syslog" line in /etc/services it won't bind the UDP socket to listen on at all, which would have the same effect with less hassle. And it is likely to be more portable than the SunOS hack, since most versions of syslog would be likely to do a getservbyname("syslog").

Doug Siebert
dsiebert () isca uiowa edu
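The address rewrite at the heart of the quoted bind() wrapper, as an added example that is not code from either poster: it converts the loopback constant with htonl() so the result is 127.0.0.1 on little-endian hosts as well as SPARC, and goes beyond the post by also covering AF_INET6. The names force_loopback and bound_udp_address are hypothetical.

```c
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Rewrite a bind() address so the socket can only listen on loopback.
 * Returns 1 if rewritten, 0 if the family is left alone (e.g. AF_UNIX). */
int force_loopback(struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL)
        return 0;
    if (sa->sa_family == AF_INET && len >= (socklen_t)sizeof(struct sockaddr_in)) {
        /* s_addr is kept in network byte order; a bare 0x7f000001 is only
         * 127.0.0.1 on big-endian hosts, elsewhere it reads as 1.0.0.127. */
        ((struct sockaddr_in *)sa)->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        return 1;
    }
    if (sa->sa_family == AF_INET6 && len >= (socklen_t)sizeof(struct sockaddr_in6)) {
        ((struct sockaddr_in6 *)sa)->sin6_addr = in6addr_loopback;
        return 1;
    }
    return 0;
}

/* Hypothetical helper: bind a UDP socket the way a wildcard-binding daemon
 * would, but through force_loopback(). Returns the address actually bound
 * (host byte order), or 0 on failure. Port 0 lets the kernel pick a port. */
unsigned long bound_udp_address(unsigned short port)
{
    struct sockaddr_in want, got;
    socklen_t glen = sizeof(got);
    unsigned long addr = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return 0;
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = htonl(INADDR_ANY);   /* what the daemon asked for */
    want.sin_port = htons(port);
    force_loopback((struct sockaddr *)&want, sizeof(want));
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &glen) == 0)
        addr = ntohl(got.sin_addr.s_addr);      /* 0x7f000001 when it worked */
    close(fd);
    return addr;
}
```

Checking the bound address with getsockname(), as bound_udp_address does, is also a quick way to confirm that a preloaded wrapper actually took effect.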