From mboxrd@z Thu Jan 1 00:00:00 1970 From: LC Bruzenak Subject: Re: check_second_connection stopping my recovery? Date: Tue, 01 Dec 2009 12:27:50 -0600 Message-ID: <1259692070.7603.54.camel@lcb> References: <200912011310.24176.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <200912011310.24176.sgrubb@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Tue, 2009-12-01 at 13:10 -0500, Steve Grubb wrote: > On Wednesday 18 November 2009 06:01:10 pm LC Bruzenak wrote: > > Yes, it was. With the reconnect code its possible to DoS a server, so the > connections need to be limited. I think the best solution is to make an admin > tweakable setting that defaults to 1 and you can set it to 2. Your recovery > technique won't be needed in the long term since its planned to have a store- > and-forward model so nothing is lost and its automatically recovered on start > up. > > -Steve Steve, Your call but it may not be worth adding a new setting. I've already patched it out of my system, and if I'm the only one who cares then I'd say don't worry about it. I am aware of a DoS attack but all senders are locked tight so I feel mitigation is sufficient. In fact I nearly DoS-attacked myself before restricting the recovery to at most 1 process. :) The store-and-forward piece will be excellent. It will solve at least a couple of issues for me: recovery and also forwarding from a DMZ machine to an internal server which will then forward to an independent collector. Thx, LCB. -- LC (Lenny) Bruzenak lenny@magitekltd.com