>
> and there's already programs written for spoofing syslogd messages so
> it appears the message came from anywhere from anyone with any type of
> garbage.

host# cat > bind.c <<_EOF_
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>

/* Replacement bind(): force every AF_INET bind onto 127.0.0.1. */
int bind(fd, sk, sl)
int fd, sl;
struct sockaddr_in *sk;
{
	if (sk->sin_family == AF_INET)
		/* s_addr is in network byte order */
		sk->sin_addr.s_addr = htonl(0x7f000001);
	return syscall(SYS_bind, fd, sk, sl);
}
_EOF_
host# cc -O -pic bind.c
host# ld -assert pure-text bind.o -ldl
host# mv a.out libbind.o
host# setenv LD_PRELOAD libbind.o
host# syslogd
host# unsetenv LD_PRELOAD

That should cover it, no? Restricts syslogd to the local machine, but
that is the desired effect in the short term with no form of
authentication, etc. being in the protocol.

Either that or get a freeware syslogd from netbsd or whoever, hack and
compile that.

Still is a problem if you like using "loghost". Any more ideas on
solving that in the short term?

darren

p.s. I wrote that just now to give ppl an idea for a solution, if it
actually works, it's a bonus :)
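
The bind() wrapper idea from the message above, as an added example that is not part of the original post: it goes beyond the posted code by also pinning AF_INET6 binds to ::1, checking the address length, and leaving the caller's buffer untouched. It assumes Linux with a direct SYS_bind system call; pin_to_loopback() is a hypothetical helper name.

```c
/* Added example (not from the original post). Assumed build and use:
 *   cc -shared -fPIC -o libbind.so bind.c ; LD_PRELOAD=./libbind.so syslogd */
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <netinet/in.h>
#include <unistd.h>

/* Rewrite the address in place. Returns 1 if rewritten, 0 if the family is
 * left alone (e.g. AF_UNIX), -1 if the buffer is too short for its family. */
int pin_to_loopback(struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < (socklen_t)sizeof(sa->sa_family))
        return -1;
    if (sa->sa_family == AF_INET) {
        struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
        if (len < (socklen_t)sizeof(*in4))
            return -1;
        in4->sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* 127.0.0.1, port kept */
        return 1;
    }
    if (sa->sa_family == AF_INET6) {
        struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
        if (len < (socklen_t)sizeof(*in6))
            return -1;
        in6->sin6_addr = in6addr_loopback;             /* ::1, port kept */
        return 1;
    }
    return 0;
}

/* Interposed bind(): work on a copy so the caller's buffer is never modified. */
int bind(int fd, const struct sockaddr *addr, socklen_t len)
{
    struct sockaddr_storage copy;

    if (addr == NULL || len > (socklen_t)sizeof(copy))
        return (int)syscall(SYS_bind, fd, addr, len);  /* let the kernel reject it */
    memcpy(&copy, addr, len);
    if (pin_to_loopback((struct sockaddr *)&copy, len) < 0) {
        errno = EINVAL;
        return -1;
    }
    return (int)syscall(SYS_bind, fd, &copy, len);
}
```

The dynamic linker ignores LD_PRELOAD for statically linked and set-uid binaries, so confirm the result after starting the daemon, for example by checking that `ss -lun` shows UDP port 514 bound to 127.0.0.1 rather than 0.0.0.0.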