Re: [Idr] [GROW] draft-snijders-idr-shutdown-00: Drop a line in the peer's syslog at shutdown

joel jaeggli <joelja@bogus.com> Tue, 29 November 2016 20:12 UTC

To: Randy Bush <randy@psg.com>, Nick Hilliard <nick@foobar.org>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <5c492251-a6f4-8608-9784-0eb0bcd51672@bogus.com>
Date: Tue, 29 Nov 2016 12:12:17 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/QdNkGOrSPuj-0YpTkzLPx0qkJso>
Cc: "idr@ietf.org" <idr@ietf.org>, "grow@ietf.org" <grow@ietf.org>

On 11/29/16 11:31 AM, Randy Bush wrote:
> why do folk block syslog/514?
because spoofing syslog entries is a thing. in general I don't let
member of the general public emit junk into my logs except of course
spammers who are quite well represented albeit indirectly, as is the
case here.
> who can come up with the first exploit based on a tricky entry?
it's a fairly narrow surface area on the syslog receiver given the
emitter is the router's syslogd so for example something like

http://www.rsyslog.com/remote-syslog-pri-vulnerability/

is under the control of the syslogd not the sender.

128 characters is of somewhat limited value in syslog spoofing as you
have to flap your bgp session in order to emit a new line.

do you think receiver operation should be more tightly specified in some way?

thanks
joel
> randy
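The receiver-side tightening Joel asks about, written out as an added example (not code from the draft, from any router vendor, or from this thread): parse the Shutdown Communication carried in the Cease NOTIFICATION, reject it if the length octet exceeds the draft's 128-octet limit or disagrees with the bytes present or the text is not valid UTF-8, and escape control characters so a message containing a newline cannot forge a second syslog line. It assumes the draft's layout of one length octet followed by the UTF-8 text, and the log-line format and peer address are constructed for illustration.

```python
import unicodedata

MAX_SHUTDOWN_COMM_LEN = 128  # octet limit from the draft under discussion


class ShutdownCommError(ValueError):
    """Raised when the NOTIFICATION data field is not a well-formed shutdown communication."""


def encode_shutdown_communication(text: str) -> bytes:
    """Sender side: one length octet followed by the UTF-8 encoded text."""
    raw = text.encode("utf-8")
    if len(raw) > MAX_SHUTDOWN_COMM_LEN:
        raise ShutdownCommError(f"{len(raw)} octets exceeds {MAX_SHUTDOWN_COMM_LEN}")
    return bytes([len(raw)]) + raw


def parse_shutdown_communication(data: bytes) -> str:
    """Receiver side: enforce the length octet, the 128-octet cap and strict UTF-8."""
    if not data:
        raise ShutdownCommError("missing length octet")
    length = data[0]
    if length > MAX_SHUTDOWN_COMM_LEN:
        raise ShutdownCommError(f"length {length} exceeds {MAX_SHUTDOWN_COMM_LEN}")
    if len(data) - 1 != length:
        raise ShutdownCommError(f"length octet {length} but {len(data) - 1} octets present")
    try:
        return data[1:1 + length].decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ShutdownCommError(f"invalid UTF-8: {exc}") from None


def sanitize_for_log(text: str) -> str:
    """Replace control, format and line/paragraph separator characters (CR, LF,
    ESC, DEL, zero-width joiners, ...) with a visible \\uXXXX escape so the
    peer's text cannot start a new log line or emit terminal sequences.
    Ordinary non-ASCII letters are kept as-is."""
    out = []
    for ch in text:
        if unicodedata.category(ch) in ("Cc", "Cf", "Zl", "Zp") or ch == "\x7f":
            out.append("\\u{:04x}".format(ord(ch)))
        else:
            out.append(ch)
    return "".join(out)


def log_line_for(peer: str, data: bytes) -> str:
    """Build the single syslog line the receiver would emit for this peer (constructed format)."""
    try:
        msg = parse_shutdown_communication(data)
    except ShutdownCommError as exc:
        return f"bgp: peer {peer} sent Cease with malformed shutdown communication ({exc})"
    return f'bgp: peer {peer} sent Cease, message: "{sanitize_for_log(msg)}"'
```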