However, I think that the "uneducated" answer by Theo means "no".
No, what I mean is that asking a stupid question, which shows you did
N WRK AT ALL T LEARN ABUT THIS, just makes you look like some
low-grade slashdot dumb****.
You heard about rings somewhere. Whooptie doo. You didn't even read
up ANYTHING about why they are useless.
Instead, you thought it would be smart to ask.
No, it was not smart. It was totally stupid. It means you don't know
how to learn.

Ed,
Ever read anything about MIT's Multics and the GE 645?

I remember asking how to stop syslogd opening udp port 514 a while ago
and never doing anything about it, here goes again

hopefully a relevant part of /etc/rc

echo 'starting system logger'
rm -f /dev/log
if [ "X${named_flags}" != X"N" ]; then
rm -f /var/named/dev/log
syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
fi
if [ -d /var/empty ]; then
rm -f /var/empty/dev/log
mkdir -p -m 0555 /var/empty/dev
syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
fi
syslogd ${syslogd_flags}

if [ X"${pf}" != X"N" -a X"${pflogd_flags}" != X"N" ]; then
if ifconfig pflog0 >/dev/null 2>&1; then
ifconfig pflog0 up
pflogd ${pflogd_flags}
fi
fi

my /etc/rc.conf

syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"

output from command: netstat -p udp -an

Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 *.514

reading the man page doesn't really answer why there is program
listening on udp 514, seeing as I haven't passed syslogd the -u switch
-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.

can anyone point me in the right direction so this annoying behaviour stops.
also, is there a switch for netstat which shows the pid/process for each
listening port?

thanks in advance

poncenby

8/4/05, poncenby <smythe (AT) poncenby (DOT) plus.comwrote:
I remember asking how to stop syslogd opening udp port 514 a while ago
and never doing anything about it, here goes again

Sure, syslogd opens UDP/514, but unless you use the '-u' flag the very
next thing it does is call shutdown(), which prevents inbound traffic on
the "listening" port:

reading the man page doesn't really answer why there is program
listening on udp 514, seeing as I haven't passed syslogd the -u switch
-u Select the historical ``insecure'' mode, in which syslogd will
accept input from the UDP port. Some software wants this, but
you can be subjected to a variety of attacks over the network,
including attackers remotely filling logs.

can anyone point me in the right direction so this annoying behaviour stops.

I agree, it is (mildly) annoying.

The syslog daemon must bind UDP/514 even without the '-u' flag because
syslogd uses this socket as the source port if/when you configure a
remote log destination in /etc/syslogd.conf.

FreeBSD has the '-s -s' flag which prevents the daemon from binding the
port at all, but this is not necessary as a security enhancement, forcing
syslogd not to bind the port is purely cosmetic, makes your netstat
output shorter by one line.

Kevin Kadow

8/4/05, poncenby <smythe (AT) poncenby (DOT) plus.comwrote:
I remember asking how to stop syslogd opening udp port 514 a while ago
and never doing anything about it, here goes again
better yet just compile your own version of nmap that
doesnt scan udp 514.