Hi Gleb,

> now all kernel messages are printed to system console by default:
>
> *.err;kern.debug;auth.notice;mail.crit /dev/console
>
> There is a problem that in case of a serial console, this printing
> is very slow and heavily pessimizes box performance, when kernel
> messages are printed at high speed. Moreover, several kernel messages
> with LOG_DEBUG severity can be triggered remotely, for example by
> sending bogus ARP replies. So, sending bogus ARP packets to a
> FreeBSD box with a serial console may lead to DoS-like conditions.

I don't want to be picky, you are right. I encountered this behaviour while working on a Linux firewall which was printing all of NetFilter's log output on the console (which in turn was a serial link). I wondered for a few days why the hell an nmap scan from a DSL connection would leave it with a ping of 20 seconds and 100% CPU usage, whereas my tests through a 100 Mbit link left it emotionless.

But, although it is possible to trigger kernel messages remotely by sending fake ARP packets, I really do not want my FreeBSD box to be silent by default when I am ARP spoofed. Furthermore, once the attacker has local network access, there are numerous ways to DoS the service the server provides anyway.

Best regards,
-- 
Jeremie Le Hen
jeremie at le-hen dot org

Received on Thu Feb 17 2005 - 19:13:48 UTC
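As an added example (not part of the thread), here is a small audit of the default selector line Gleb quotes: it parses FreeBSD-style syslog.conf selectors and reports the least severe kernel level that any rule routes to /dev/console, so the serial-console exposure discussed above can be checked mechanically. The tighter comparison line, the level aliases and the supported selector subset are my assumptions, not something from the thread.

```python
"""Audit which kernel-message severities a syslog.conf routes to /dev/console.

Constructed example: handles FreeBSD-style selectors (facility.level pairs
separated by ';', comma-separated facility lists, '*' wildcards, 'none');
the '=' and '!' comparison flags are deliberately not supported.
"""
import re

# syslog priorities, most to least severe; "kern.debug" matches debug and up.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

# The default line quoted in the thread (tab-separated selector and action).
DEFAULT_CONF = "*.err;kern.debug;auth.notice;mail.crit\t/dev/console\n"
# Constructed alternative: kernel messages stay on the console but stop at
# notice, so LOG_DEBUG kernel messages no longer reach the serial line.
TIGHTER_CONF = "*.err;kern.notice;auth.notice;mail.crit\t/dev/console\n"


def parse_rules(conf_text):
    """Yield (selectors, action) per rule; skip comments, blanks and the
    FreeBSD program/host block markers ('!prog', '+host', '-host')."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!+-":
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2:
            yield parts[0], parts[1]


def console_kernel_threshold(conf_text, facility="kern", action="/dev/console"):
    """Return the least severe `facility` level routed to `action`, or None."""
    worst = None  # index into LEVELS; a higher index is less severe
    for selectors, act in parse_rules(conf_text):
        if act != action:
            continue
        level_for_fac = None
        # Later selectors on the same line override earlier ones for a facility,
        # so "*.err;kern.none" sends nothing from kern to this action.
        for sel in selectors.split(";"):
            facs, _, level = sel.rpartition(".")
            fac_list = facs.split(",")
            if facility not in fac_list and "*" not in fac_list:
                continue
            level = ALIASES.get(level, level)
            if level == "none":
                level_for_fac = None
            elif level in LEVELS:
                level_for_fac = level
        if level_for_fac is not None:
            idx = LEVELS.index(level_for_fac)
            worst = idx if worst is None else max(worst, idx)
    return None if worst is None else LEVELS[worst]
```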