From owner-freebsd-questions  Fri Sep  4 08:55:42 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA09654
          for freebsd-questions-outgoing; Fri, 4 Sep 1998 08:55:42 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from horton.iaces.com (horton.iaces.com [204.147.87.98])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA09610
          for <freebsd-questions@FreeBSD.ORG>; Fri, 4 Sep 1998 08:55:25 -0700 (PDT)
          (envelope-from proot@horton.iaces.com)
Received: (from proot@localhost)
	by horton.iaces.com (8.8.8/8.8.7) id KAA28632;
	Fri, 4 Sep 1998 10:54:08 -0500 (CDT)
From: "Paul T. Root" <proot@horton.iaces.com>
Message-Id: <199809041554.KAA28632@horton.iaces.com>
Subject: Re: bpfilter
In-Reply-To: <007c01bdd814$b0566740$091962d1@kilroy.ns.intexp.com> from Adam Maloney at "Sep 4, 98 09:59:59 am"
To: adam@iexposure.com
Date: Fri, 4 Sep 1998 10:54:08 -0500 (CDT)
Cc: freebsd-questions@FreeBSD.ORG
X-Organization: USWEST !nterprise Networking - ACES
X-Phone: (612) 664-3385
X-Fax: (612) 664-4779
X-Page: (800) SKY-PAGE PIN: 537-7270
X-Address: 600 Stinson Blvd, Fl 1S
X-Address: Minneapolis, MN 55413
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In a previous message, Adam Maloney said:
> Hello,
> 
> I have a FreeBSD machine setup as a secondary DNS and sendmail fallback for
> my network.  I'd also like to use the machine as a network monitor.  I
> downloaded a package (trafshow-2.0) which requires the berkely packet filter
> to be enabled.
> 
> In the FreeBSD handbook, there's a paragraph that talks about the bpfilter
> and how it can be a security risk to your network.  What are the security
> risks of running bpfilter, and how should I set it up?


It's a security risk because a person on that machine can snoop every
packet that goes across the network. And passwords go across in clear
text.

To setup bpfilter put:

options	bpfilter 4

in your kernel config and re-build.

-- 
"Overconfidence may cost the Dodgers sixth place." -- Sportswriter Ed
Murphy, on the hapless Brooklyn team of the 1930s.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message