From owner-freebsd-security Wed Dec 11 23:24:50 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4)
    id XAA25851 for security-outgoing; Wed, 11 Dec 1996 23:24:50 -0800 (PST)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241])
    by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id XAA25831 for ;
    Wed, 11 Dec 1996 23:24:42 -0800 (PST)
Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0vY5VU-0008uqC;
    Wed, 11 Dec 96 23:24 PST
Message-Id:
From: batie@agora.rdrop.com (Alan Batie)
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
To: imp@village.org (Warner Losh)
Date: Wed, 11 Dec 1996 23:24:35 -0800 (PST)
Cc: pete@sms.fi, taob@io.org, freebsd-security@freebsd.org
In-Reply-To: from "Warner Losh" at Dec 11, 96 11:33:21 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

If I read your response correctly, you're saying that some services you
use require bpf, and because of that, are a weak spot in your security
that you don't think should be necessary? I can understand that point,
although I think that one always has administrative systems that are
going to be sweet targets because of what they gain when compromised
(e.g. accounting servers) and which need to be robustly secured.

Perhaps there's a better way to implement rarpd and dhcpd than bpf, but
I suspect (I'm no network programming expert) it would mean a new system
interface specifically to receive broadcast packets. That's pretty
ugly... IPv6 eliminates broadcasts entirely, replacing them with
multicasts, which have a much safer mechanism for reception. That's not
an immediately available option though :-)

--
Alan Batie                   ______      batie@agora.rdrop.com
                             \    /      Assimilate this!
+1 503 452-0960               \  /       --Worf, First Contact
DE 3C 29 17 C0 49 7A 27        \/        40 A5 3C 37 4A DA 52 B9

It is my policy to avoid purchase of any products from companies which
use unrequested email advertisements or telephone solicitation.