[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] ad-hoc syslogging via SPA
From:       fwm () nym ! hush ! com
Date:       2011-09-22 10:21:34
Message-ID: 20110922102134.EBBEDE671D () smtp ! hushmail ! com
[Download RAW message or body]


>
>Interesting idea.  When you say that you used the cmd mode, did 
>you
>somehow encode the syslog data itself within an SPA packet so that 
>it
>was encrypted en-route?  Or was the SPA packet sent in order to 
>open
>up a syslog listener through an otherwise default drop packet 
>filter,
>and then the syslog data followed?
It was the former: I was sending syslog messages to a FIFO pipe and 
then trying to grab lines from that into something like the --
Server-cmd parameter. Sending messages in --Server-cmd resulted in 
them logged at the other end, even though they weren't legitimate 
commands.

-- 
mart


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
[prev in list] [next in list] [prev in thread] [next in thread]