From owner-freebsd-security Tue Feb 2 21:07:03 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA18874 for freebsd-security-outgoing; Tue, 2 Feb 1999 21:07:03 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA18860; Tue, 2 Feb 1999 21:07:01 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.2/8.9.1) id VAA42930; Tue, 2 Feb 1999 21:06:57 -0800 (PST) (envelope-from dillon) Date: Tue, 2 Feb 1999 21:06:57 -0800 (PST) From: Matthew Dillon Message-Id: <199902030506.VAA42930@apollo.backplane.com> To: "Jordan K. Hubbard" Cc: Garrett Wollman , "Jonathan M. Bresler" , woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG Subject: Re: tcpdump References: <10089.918017944@zippy.cdrom.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org : :> It still appears to be beyond the pale of the script kiddies to :> rewrite an Ethernet driver in order to enable it to hand off packets :> to BPF. Hopefully it will stay that way for a little while longer. : :Ummmm. Let me just note for the record that the skill of the script :kiddies is essentially irrelevant here since their defining attribute :is to use scripts that others have written. All it will take is one :semi-intelligent cracker type to write a exploit and associated LKD :module, then the rest will just run it blindly or whenever they've :gained root by other means. : :- Jordan I can clear this up instantly: I've seen the scripts to do it. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message