Date: Sat, 5 Sep 1998 10:23:19 +1000 (EST) From: Carey Nairn <cpn@dpac.tas.gov.au> To: "Paul T. Root" <proot@horton.iaces.com> Cc: adam@iexposure.com, freebsd-questions@FreeBSD.ORG Subject: Re: bpfilter Message-ID: <Pine.BSF.3.96.980905102228.10377A-100000@whitestar.cpn.org.au> In-Reply-To: <199809041554.KAA28632@horton.iaces.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 4 Sep 1998, Paul T. Root wrote: > In a previous message, Adam Maloney said: > > Hello, > > > > I have a FreeBSD machine setup as a secondary DNS and sendmail fallback for > > my network. I'd also like to use the machine as a network monitor. I > > downloaded a package (trafshow-2.0) which requires the berkely packet filter > > to be enabled. > > > > In the FreeBSD handbook, there's a paragraph that talks about the bpfilter > > and how it can be a security risk to your network. What are the security > > risks of running bpfilter, and how should I set it up? > > > It's a security risk because a person on that machine can snoop every > packet that goes across the network. And passwords go across in clear > text. > > To setup bpfilter put: > > options bpfilter 4 That should be pseudo-device bpfilter 4 > > in your kernel config and re-build. > > -- > "Overconfidence may cost the Dodgers sixth place." -- Sportswriter Ed > Murphy, on the hapless Brooklyn team of the 1930s. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980905102228.10377A-100000>