Date:      Sat, 16 Sep 2000 15:41:59 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Joshua Barker <phire@jigaboos.com>
Cc:        Wayne Sheppard <mrwayne@mindspring.com>, freebsd-newbies@FreeBSD.ORG
Subject:   Re: Brand New Installed FreeBSD, need Telnet Access.
Message-ID:  <20000916154159.B4781@hades.hell.gr>
In-Reply-To: <Pine.BSF.3.96K.1000915142248.1615A-100000@ns1.jigaboos.com>; from phire@jigaboos.com on Fri, Sep 15, 2000 at 02:23:24PM -0500
References:  <000c01c01f23$8288e560$a301a8c0@p3wayne> <Pine.BSF.3.96K.1000915142248.1615A-100000@ns1.jigaboos.com>

On Fri, Sep 15, 2000 at 02:23:24PM -0500, Joshua Barker wrote:
> Firewall?  Uhh, if you have a firewall on both systems, only allowing
> computer A and computer B to accept connections on port 21, the rest are
> denied, no one will be able to sniff your packets, right?

Uh, sorry for spoiling all this fun, but no.  This is not right.

Most firewalls work in the IP layer, i.e. the packet traverses a link
(an ethernet cable, a connection to a hub, etc) and after that it
reaches your firewall.

A good sniffer will work in the layer below IP, and grab ethernet frames
for itself.

Now as you see, no kind of IP-based firewall scheme will protect you
from someone who grabs passwords from raw packets on the `wire'.

- giorgos
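
The point of the message above, as an added example that is not part of the original e-mail: everything in a frame is already readable at the link layer, before any IP-layer filter on the receiving host gets to accept or drop the packet. The frame is constructed sample data (made-up MAC addresses, documentation-range IPs, zeroed checksums), and the function names are hypothetical.

```python
import struct

FTP_CONTROL_PORT = 21  # the port named in the quoted question

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP segment sent to port 21."""
    eth = bytes.fromhex("00a0c9000002") + bytes.fromhex("00a0c9000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 40000, FTP_CONTROL_PORT, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

def parse_frame(frame: bytes):
    """Decode a frame the way a link-layer tap sees it; None if not IPv4/TCP."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:                      # not IPv4
        return None
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20 or frame[14 + 9] != 6:   # protocol 6 = TCP
        return None
    (total_len,) = struct.unpack("!H", frame[16:18])
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    if data_off < 20:
        return None
    # Trim to the IP total length so Ethernet padding is not taken as payload.
    payload = frame[tcp_off + data_off:14 + total_len]
    return {"sport": sport, "dport": dport, "payload": payload}

def exposes_cleartext_login(frame: bytes) -> bool:
    """True if the frame carries an FTP USER/PASS command readable as-is."""
    seg = parse_frame(frame)
    if seg is None or seg["dport"] != FTP_CONTROL_PORT:
        return False
    return seg["payload"][:5].upper() in (b"USER ", b"PASS ")

if __name__ == "__main__":
    sample = build_frame(b"PASS example-password\r\n")   # constructed credential
    print(parse_frame(sample), exposes_cleartext_login(sample))
```

No firewall rule appears anywhere in the decode path; the usual protection for the payload itself is an encrypted transport.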

