-----BEGIN PGP SIGNED MESSAGE----- On Mon, 10 Jan 2000, Salman Ahmed wrote:
> >>>>> "NLM" == Noah L Meyerhans <[EMAIL PROTECTED]> writes: > NLM> tcplogd and iplogger are used to log connection attempts to > NLM> your computer. There are known security problems related to > NLM> it. > > What security problems would those be ? DoS attacks. They're really quite easy to implement on a machine running tcplogd. Run a portscanner on the machine and you'll see the system load jump up to 70 or more. Run several portscanners at once (and loop them so the system is constantly being portscanned) and watch the load climb up to several hundred or more. It's almost trivial to bring a system to its knees like this. I discovered this on my own by portscanning my server, and received an official acknowledgement of the problem via the Debian security mailing list shortly afterwards. I don't know where to point you for a reference to this. I bet you could find something by looking at the archive of the security list. noah PGP Public Key available at http://www.morgul.net/~frodo/mail.html or by `finger -l [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOHtKEodCcpBjGWoFAQEegwQAgsjEZVZafzaG8UC/1SdX5Z6KS/lOl9vo fk9mBEtoh+ohpvSmdr04RmFZ+71Px9Pr1/JLdToICAxCosMmPWsSJGQjEVyzM+4g FbJHCGU3IiG8XUH0aKYUz3Rxj+i5jdn/hzfOpVqg8aEoNpxJHMd7do034Su8sJWn tCr5kgKkkSc= =rdwR -----END PGP SIGNATURE-----
