changing debuglevel of kernel messaging going to console
Jeremie Le Hen
jeremie at le-hen.org
Thu Feb 17 20:13:48 GMT 2005
Hi Gleb,
> now all kernel messages are printed to system console by default:
>
> *.err;kern.debug;auth.notice;mail.crit /dev/console
>
> There is a problem that in case of a serial console, this printing
> is very slow and heavily pessimizes box performance, when kernel
> messages are printed at high speed. Moreover, several kernel messages
> with LOG_DEBUG severity can be triggered remotely, for example
> sending bogus ARP replies. So, sending bogus ARP packets to a
> FreeBSD box with serial console may lead to DoS-like conditions.
I don't want to be picky, you are right. I encountered this behaviour
while working on a Linux firewall which was printing all NetFilter's log
on the console (which in turn was a serial link). I have wondered for a
few days why the hell making an nmap scan from a DSL connection would come
off having a ping of 20 seconds and 100% CPU usage whereas my tests
through a 100Mbits link left it emotionless.
But, although it is possible to trigger kernel messages remotely by sending
fake ARP packets, I really do not want to have my FreeBSD box be
silent by default when I am ARP spoofed. Furthermore, once the attacker
is able to have local network access, there are numerous ways to
DoS the service the server provides anyway.
Best regards,
--
Jeremie Le Hen
jeremie at le-hen dot org
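For readers who want to see the quoted default line next to a more conservative routing, here is an added example that is not part of either mail in this thread. In syslog.conf(5) a facility.priority selector matches that priority and everything more severe, so `kern.debug` sends every kernel message to the console; the alternative selector and the log file path below are assumptions for illustration, not a FreeBSD default.

```conf
# Added example (not from the thread): two syslog.conf(5) fragments side by side.

# As quoted in the thread: all kernel messages (debug and above) go to
# /dev/console, which on a serial console is a slow line.
*.err;kern.debug;auth.notice;mail.crit          /dev/console

# Assumed alternative: only kernel errors and worse reach the console,
# while the full kernel log (including debug-level ARP diagnostics) is
# still kept in a file, so nothing is silenced, just not written over
# the console line. File path is an assumption.
*.err;kern.err;auth.notice;mail.crit            /dev/console
kern.debug                                      /var/log/kernel.log
```

syslogd does not create log files on its own, so the file named in the second fragment has to exist before syslogd is told to re-read its configuration (a HUP signal does that). The trade-off the thread discusses stays visible here: the first fragment shows every kernel message on the console, the second keeps the same messages on disk but shows only errors interactively.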