Syslog buffer overflow

From: Heidi (mcps@private)
Date: Tue Oct 16 2001 - 09:36:06 PDT

Next message: George Heuston: "FW: NIPC Daily Report, 16 October 2001"

Previous message: McCall, Bill: "RE: new bill being passed in Congress"
Next in thread: Toby Kohlenberg: "Re: Syslog buffer overflow"
Reply: Toby Kohlenberg: "Re: Syslog buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

By noting UDP port 514 in this log, would I be correct in identifying it as
a Syslog butter overflow attack?

Oct 16 08:08:32 rt0 10588: rd20h: %SEC-6- IPACCESSLOGP: LIST 102 denied udp
195.16.163.6(1094)->external.server(514), 2 packets
Oct 16 08:16:23 rt0 10597: 4d11h: %SEC-6-IPACCESSLOGP: list 102 denied udp
195.16.174.10(2976) -> external server(514), 1 packet
Oct 16 08:34:33 rt0 10629: rd11h: #SEC-6-IPACCESSLOGP: list 102 denied udp
195.16.174.10 (2976) -> external.server (514), 1 packet

Thank you,
Heidi Henry
mcps@private

Next message: George Heuston: "FW: NIPC Daily Report, 16 October 2001"
Previous message: McCall, Bill: "RE: new bill being passed in Congress"
Next in thread: Toby Kohlenberg: "Re: Syslog buffer overflow"
Reply: Toby Kohlenberg: "Re: Syslog buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:27:57 PDT