LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rate limiting does not defend against DOS, it accentuates the DOS

rate limiting does not defend against DOS, it accentuates the DOS

Posted Nov 20, 2011 6:57 UTC (Sun) by dlang (✭ supporter ✭, #313)
Parent article: The Journal - a proposed syslog replacement

the idea that rate limiting is a defense against a DOS is invalid, if the logging infrastructure can't keep up and therefor slows down the rate at which other systems can generate logs, it doesn't prevent a DOS, it creates one by making the other systems stop responding while they wait for the logs to be written.

In some cases your logs are important enough to do this, but even in many places where security is very important, availability is still more important than guaranteeing that every log message gets saved.

(Log in to post comments)

rate limiting does not defend against DOS, it accentuates the DOS

Posted Nov 20, 2011 17:10 UTC (Sun) by alankila (subscriber, #47141) [Link]

It might be possible to ratelimit only the daemon that is logging too much, and let others continue logging without delay. In any case, without more details about what exactly will be done it's hard to say whether a good idea is being proposed. Running out of space on /var is pretty bad outcome too, so avoiding that one way or other seems worthwhile.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds