Re: Syslog over SSH

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 11/29/01


Date: Thu, 29 Nov 2001 17:06:38 -0500 (EST)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Rafael Vidal Aroca <rafael@3wt.com.br>
Subject: Re: Syslog over SSH
Message-ID: <Pine.LNX.4.30.0111291705390.25031-100000@biocserver.BIOC.CWRU.Edu>

On Thu, 29 Nov 2001, Rafael Vidal Aroca wrote:

> What I do to do secure logging on remote machines is pipe
> UDP/514 (syslog) to TCP using netcat then pass it to another machine
> over a SSH tunnel, and put it to localhost.

why not cryptcat or aesnetcat?

http://farm9.com/content/Free_Tools/Cryptcat
http://www.ussrback.com/UNIX/utilities/aes-netcat.tgz

saves a step.

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



Relevant Pages

  • Re: Port redirection problems?
    ... Does netcat can do the ... > that suggests it will translate UDP to TCP and the reverse. ... Secure Shell by redirecting the syslog traffic to TCP tunnel, ...
    (comp.os.linux.networking)
  • ssh v4.2p1 IPv6 TCP checksum error
    ... repeatedly encounter TCP checksum errors. ... on to the ssh problem... ... Internet Protocol Version 6 ... Transmission Control Protocol, Src Port: 41335, Dst Port: ssh ...
    (SSH)
  • Re: ipfw and nmap
    ... > even be correct but I have a bsd box that is simply providing me SSH ... add allow tcp from any to me 22 setup in via fxp0 keep-state ... Note too that there is nothing to prevent port scanners simply setting ... the 'SYN' flag in the probe packets they send to your server. ...
    (freebsd-questions)
  • pf.conf
    ... Use "block return" so that a TCP RST is sent ... to $Angels port ssh ... # Pass TCP, UDP, and ICMP out on the external interface. ... pass out on $Demons proto all modulate state ...
    (comp.unix.bsd.openbsd.misc)
  • Re: SSH scans vs connection ratelimiting
    ... we're all seeing repeated bruteforce attempts on SSH. ... I've configured my pf install to ratelimit TCP connections to port 22 ... multiple authentication attempts over a single connection. ...
    (FreeBSD-Security)