From owner-freebsd-security Wed Dec 11 00:45:53 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id AAA26921 for security-outgoing; Wed, 11 Dec 1996 00:45:53 -0800 (PST)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id AAA26912 for ; Wed, 11 Dec 1996 00:45:49 -0800 (PST)
Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0vXkIL-0008vkC; Wed, 11 Dec 96 00:45 PST
Message-Id:
From: batie@agora.rdrop.com (Alan Batie)
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Wed, 11 Dec 1996 00:45:37 -0800 (PST)
Cc: softweyr@xmission.com, msmith@atrad.adelaide.edu.au, security@freebsd.org
In-Reply-To: <199612110634.RAA22676@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Dec 11, 96 05:04:36 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Tcpdump does all this and lots more; the filter language is pretty powerful.

Given that bpf implements a little software processor, you could probably
demonstrate its equivalence to a Turing machine. I'm not sure if the lack
of back referencing jumps inhibits this or not, but I don't think so. So,
yeah it's pretty powerful :-)

(yeah, that's not tcpdump, but all tcpdump is is a compiler for this processor)

--
Alan Batie                     ______
batie@agora.rdrop.com          \    /    Assimilate this!
+1 503 452-0960                 \  /      --Worf, First Contact
DE 3C 29 17 C0 49 7A 27          \/
40 A5 3C 37 4A DA 52 B9

It is my policy to avoid purchase of any products from companies which
use unrequested email advertisements or telephone solicitation.
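
Added example, not part of the original message and not FreeBSD or tcpdump source: a minimal interpreter for a subset of the classic BPF instruction set, run over a hand-assembled filter of the kind tcpdump compiles for "ip and tcp". The names insn, bpf_run and ip_tcp and the sample frames are constructed for this illustration; the opcode values are the standard classic BPF encodings.

```c
#include <stdint.h>
#include <stdio.h>
/* Classic BPF instruction; same field layout as struct bpf_insn. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Hand-assembled filter for "ip and tcp" on Ethernet (constructed). */
static const struct insn ip_tcp[] = {
    { LD_H_ABS, 0, 0, 12 },      /* A = EtherType                  */
    { JEQ_K,    0, 3, 0x0800 },  /* not IPv4: skip 3, to reject    */
    { LD_B_ABS, 0, 0, 23 },      /* A = IPv4 protocol byte         */
    { JEQ_K,    0, 1, 6 },       /* not TCP: skip 1, to reject     */
    { RET_K,    0, 0, 0x40000 }, /* accept, snap length 262144     */
    { RET_K,    0, 0, 0 },       /* reject                         */
};
#define IP_TCP_LEN (sizeof ip_tcp / sizeof ip_tcp[0])

/* Constructed frames: all zero except EtherType and IP protocol. */
static const uint8_t tcp_pkt[54] = { [12] = 0x08, [13] = 0x00, [23] = 6 };
static const uint8_t arp_pkt[42] = { [12] = 0x08, [13] = 0x06 };

/* Returns bytes to capture (0 = drop); *steps = instructions executed. */
uint32_t bpf_run(const struct insn *prog, size_t n,
                 const uint8_t *pkt, size_t len, size_t *steps)
{
    uint32_t a = 0;              /* the accumulator register */
    size_t pc = 0;
    for (*steps = 0; pc < n; ) {
        const struct insn *i = &prog[pc++];
        ++*steps;
        switch (i->code) {
        case LD_B_ABS: if (i->k >= len) return 0; a = pkt[i->k]; break;
        case LD_H_ABS: if (len < 2 || i->k > len - 2) return 0;
                       a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        /* jt/jf are unsigned and added to pc: control only moves forward. */
        case JEQ_K:    pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K:    return i->k;
        default:       return 0; /* unknown opcode: drop */
        }
    }
    return 0; /* ran off the end without RET: drop */
}

int main(void)
{
    size_t s;
    printf("tcp: %u\n", (unsigned)bpf_run(ip_tcp, IP_TCP_LEN, tcp_pkt, sizeof tcp_pkt, &s));
    printf("arp: %u\n", (unsigned)bpf_run(ip_tcp, IP_TCP_LEN, arp_pkt, sizeof arp_pkt, &s));
    return 0;
}
```

Because every jump offset is an unsigned forward displacement, a run over an n-instruction program executes at most n instructions, and loads past the end of a short frame drop the packet.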