From owner-freebsd-questions  Sun Sep  6 18:44:03 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA25026
          for freebsd-questions-outgoing; Sun, 6 Sep 1998 18:44:03 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from slarti.muc.de (slarti.muc.de [193.174.4.10])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id SAA24924
          for <freebsd-questions@freebsd.org>; Sun, 6 Sep 1998 18:43:58 -0700 (PDT)
          (envelope-from eilts@tor.muc.de)
Received: (qmail 10775 invoked by uid 66); 7 Sep 1998 01:42:56 -0000
Received: (from eilts@localhost) by tor.muc.de (8.8.7/8.6.6) id MAA25421; Sun, 6 Sep 1998 12:10:48 +0200 (CEST)
Date: Sun, 6 Sep 1998 12:10:48 +0200 (CEST)
From: Hinrich Eilts <eilts@tor.muc.de>
Message-Id: <199809061010.MAA25421@tor.muc.de>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: bpfilter
X-Newsreader: NN version 6.5.0 CURRENT #11
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hello,

for BPF you want

in kernel-config a line like
pseudo-device   bpfilter        4
and in /dev entries
bpf0
bpf1
...
(as much as the number (4) you selected in kernel-config).

Now, as root, a process may bind a bpf with e.g. an ethernet device and
read all ethernet packets, regardless of frame format and source. This may
be (ab)used for catching passwords send my clear text etc.

Hinrich

> In the FreeBSD handbook, there's a paragraph that talks about the bpfilter
> and how it can be a security risk to your network.  What are the security
> risks of running bpfilter, and how should I set it up?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message