Re: syslogd udp port
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: syslogd udp port
- From: imEnsion <imension_(_at_)_gmail_(_dot_)_com>
- Date: Fri, 5 Aug 2005 07:37:53 -0500
- Reply-to: imEnsion <imension_(_at_)_gmail_(_dot_)_com>

haha, henning.. i love your technical responses to problems. they're
always very short, sweet and to the point (and you're 99.999% of the
time right).

if i could make it to a hackathon (or even get invited, heh) i'd buy a
round of beer for everyone to calm the *&%# down :P

On 8/5/05, Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de> wrote:
> syslog shutdown()s the port for reading. there is no real difference
> to not opening it at all.
>
> * mdff <nospam_(_at_)_mgedv_(_dot_)_net> [2005-08-05 13:13]:
> > <snip>....blah blah...<snap>
> > he'd better do man syslogd... but assume this:
> > - no pf for udp/514.
> > - a DOS or DDOS to this OPEN port.
> > - syslogd running just in "send mode".
> > - and finally: no remote syslogging configured because of only 1 box here.
> >
> > will it take more resources to handle this with an open port
> > compared to a closed one or not? i guess yes. and for security,
> > i guess a closed port is still better, than an application reading
> > all packets and discarding them...
> >
> > question: what about 1 more argv to have syslogd not to bind udp/514 at all?
> >
> > br, mdff...
> >
>
> --
> BS Web Services, http://www.bsws.de/
> OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)