Date:      Tue, 10 Dec 1996 21:58:09 -0500 (EST)
From:      Brian Tao <taob@io.org>
To:        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
Message-ID:  <Pine.BSF.3.95.961210215417.9494P-100000@nap.io.org>
In-Reply-To: <9612101452.AA21942@halloran-eldar.lcs.mit.edu>

    What are people's feelings on enabling devices like bpf or snp
in the kernel on a public server?  Obviously, had I not compiled bpf
into the shell and Web server kernels, this particular incident would
never have happened.  However, I like to have access to tcpdump to
check for things like ping floods, and trafshow to see where bytes are
being sent.

    I know this depends entirely on your local setup, and every site
has different policies, but I'd like to hear if anyone has strong
feelings about "enabled" kernels or proposed solutions (i.e., an
option to make bpf work only for processes run on the console).
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"



