|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: flash
Darren Reed (avalon
coombs.anu.edu.au)Sun, 21 Aug 1994 02:42:56 +1000 (EST)
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Doug Siebert: "Re: flash"
- Previous message: J. A. Viehweg: "Re: Legality of warnings"
- Maybe in reply to: Timothy Newsham: "flash"
- Next in thread: Doug Siebert: "Re: flash"
>
> and there's already programs written for spoofing syslogd messages so
> it appears the message came from anywhere from anyone with any type of
> garbage.
host# cat > bind.c <<_EOF_
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
int bind(fd, sk, sl)
int fd, sl;
struct sockaddr_in *sk;
{
if (sk->sin_family == AF_INET) sk->sin_addr.s_addr = 0x7f000001;
return syscall(SYS_bind, fd, sk, sl);
}
_EOF_
host# cc -O -pic bind.c
host# ld -assert pure-text bind.o -ldl
host# mv a.out libbind.o
host# setenv LD_PRELOAD libbind.o
host# syslogd
host# unsetenv LD_PRELOAD
That should cover it, no ?
Restricts syslogd to the local machine, but that is the desired effect in
the short term with no form of authetication, etc being in the protocol.
Either that or get a freeware syslogd from netbsd or whoever, hack and
compile that. Still is a problem if you like using "loghost". Any more
ideas on solving that in the short term ?
darren
p.s. I wrote that just now to give ppl an idea for a solution, if it actually
works, it's a bonus :)
- Next message: Doug Siebert: "Re: flash"
- Previous message: J. A. Viehweg: "Re: Legality of warnings"
- Maybe in reply to: Timothy Newsham: "flash"
- Next in thread: Doug Siebert: "Re: flash"