Re: flash

Darren Reed (avalon@coombs.anu.edu.au)
Sun, 21 Aug 1994 02:42:56 +1000 (EST)

> 
> and there's already programs written for spoofing syslogd messages so
> it appears the message came from anywhere from anyone with any type of
> garbage.

host# cat > bind.c <<_EOF_
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>

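/* Interposed via LD_PRELOAD: force every AF_INET bind() to 127.0.0.1. */
int bind(fd, sk, sl)
int fd, sl;
struct sockaddr_in *sk;
{
	/* s_addr is kept in network byte order, hence htonl() */
	if (sk->sin_family == AF_INET) sk->sin_addr.s_addr = htonl(0x7f000001);
	return syscall(SYS_bind, fd, sk, sl);
}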
_EOF_
host# cc -O -pic bind.c
host# ld -assert pure-text bind.o -ldl
host# mv a.out libbind.o
host# setenv LD_PRELOAD libbind.o
host# syslogd
host# unsetenv LD_PRELOAD

That should cover it, no ?

Restricts syslogd to the local machine, but that is the desired effect in
the short term with no form of authentication, etc. being in the protocol.

Either that or get a freeware syslogd from netbsd or whoever, hack and
compile that.  Still is a problem if you like using "loghost".  Any more
ideas on solving that in the short term ?

darren
p.s. I wrote that just now to give ppl an idea for a solution, if it actually
     works, it's a bonus :)
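
Added example, not part of the original post: the address rewrite done by the bind() shim above, pulled out as a testable helper with a length check before the cast, plus a classifier for auditing what a listener is bound to. The names force_loopback, classify_bind and enum exposure are hypothetical, and the sockaddr in main() is a constructed sample of a wildcard bind on the syslog UDP port (514).

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum exposure { EXP_NOT_INET, EXP_WILDCARD, EXP_LOOPBACK, EXP_SPECIFIC };

/* Hypothetical helper: the shim's address rewrite without the syscall.
 * Returns 1 if the address was rewritten to 127.0.0.1, 0 if left alone. */
int force_loopback(struct sockaddr *sa, socklen_t len)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)sa;

    if (sa == NULL || len < (socklen_t)sizeof(*sin))
        return 0;                       /* too short to hold a sockaddr_in */
    if (sin->sin_family != AF_INET)
        return 0;                       /* leave AF_UNIX and others untouched */
    sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* network byte order */
    return 1;
}

/* Classify an address such as the one getsockname() reports for a listener. */
enum exposure classify_bind(const struct sockaddr *sa, socklen_t len)
{
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    unsigned long host;

    if (sa == NULL || len < (socklen_t)sizeof(*sin) || sin->sin_family != AF_INET)
        return EXP_NOT_INET;
    host = ntohl(sin->sin_addr.s_addr);
    if (host == INADDR_ANY)
        return EXP_WILDCARD;            /* reachable on every interface */
    return (host >> 24) == 127 ? EXP_LOOPBACK : EXP_SPECIFIC;  /* 127.0.0.0/8 */
}

int main(void)
{
    struct sockaddr_in sin;             /* constructed sample: wildcard, port 514 */

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(514);
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    printf("before: %d\n", (int)classify_bind((struct sockaddr *)&sin, sizeof(sin)));
    force_loopback((struct sockaddr *)&sin, sizeof(sin));
    printf("after:  %d %s\n", (int)classify_bind((struct sockaddr *)&sin, sizeof(sin)),
           inet_ntoa(sin.sin_addr));
    return 0;
}
```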