From owner-freebsd-security Thu Dec 12 07:24:10 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA16683 for security-outgoing; Thu, 12 Dec 1996 07:24:10 -0800 (PST) Received: from ican.net (ican.net [198.133.36.9]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id HAA16676 for ; Thu, 12 Dec 1996 07:24:07 -0800 (PST) Received: from gate.ican.net(really [198.133.36.2]) by ican.net via sendmail with esmtp id for ; Thu, 12 Dec 1996 10:23:54 -0500 (EST) (Smail-3.2 1996-Jul-4 #1 built 1996-Jul-10) Received: (from smap@localhost) by gate.ican.net (8.7.5/8.7.3) id KAA14122; Thu, 12 Dec 1996 10:20:31 -0500 (EST) Received: from nap.io.org(10.1.1.3) by gate.ican.net via smap (V1.3) id sma014116; Thu Dec 12 10:20:26 1996 Received: from localhost (taob@localhost) by nap.io.org (8.7.5/8.7.3) with SMTP id KAA25453; Thu, 12 Dec 1996 10:17:24 -0500 (EST) X-Authentication-Warning: nap.io.org: taob owned process doing -bs Date: Thu, 12 Dec 1996 10:17:24 -0500 (EST) From: Brian Tao To: Stephen Fisher cc: FREEBSD-SECURITY-L Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 12 Dec 1996, Stephen Fisher wrote: > > Can't the hacker just recompile the kernel with bpf support and then use > it, though? You would have to reboot the machine for a new kernel to take effect, and hopefully your kernel is included in whatever trojan horse scans you do. -- Brian Tao (BT300, taob@io.org, taob@ican.net) Senior Systems and Network Administrator, Internet Canada Corp. "Though this be madness, yet there is method in't"