
Is Syslogd the best transport method?

Rootkits vs. Syslogd

Due to the fact that both rootkits and attackers will try to kill syslogd immediately after a compromise, odds are that our modified script data will not be sent to the remote host in an appropriate manner. Another issue to consider with sending the script data across the wire via syslogd is that the text is displayed in clear text. This could definitely tip off the attacker that session monitoring is occurring if the attacker has installed a sniffer program. For example, I started up a snoop session on the remote Solaris logging host and could clearly read all of the data that was being sent across the network from the honeypot system. This is due to the fact that syslog uses clear-text UDP packets to transfer information.
