From owner-freebsd-newbies  Sun Sep 17  6:11:27 2000
Date: Sat, 16 Sep 2000 15:41:59 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Joshua Barker <phire@jigaboos.com>
Cc: Wayne Sheppard <mrwayne@mindspring.com>,
	freebsd-newbies@FreeBSD.ORG
Subject: Re: Brand New Installed FreeBSD, need Telnet Access.
Message-ID: <20000916154159.B4781@hades.hell.gr>
References: <000c01c01f23$8288e560$a301a8c0@p3wayne> <Pine.BSF.3.96K.1000915142248.1615A-100000@ns1.jigaboos.com>
In-Reply-To: <Pine.BSF.3.96K.1000915142248.1615A-100000@ns1.jigaboos.com>; from phire@jigaboos.com on Fri, Sep 15, 2000 at 02:23:24PM -0500
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
X-URL: http://students.ceid.upatras.gr/~keramida/index.html

On Fri, Sep 15, 2000 at 02:23:24PM -0500, Joshua Barker wrote:
> Firewall?  Uhh, if you have a firewall on both systems, only allowing
> computer A and computer B to accept connections on port 21, the rest are
> denied, no one will be able to sniff your packets, right?

Uh, sorry for spoiling all this fun, but no.  This is not right.

Most firewalls work in the IP layer, i.e. the packet traverses a link
(an ethernet cable, a connection to a hub, etc) and after that it
reaches your firewall.

A good sniffer will work in the layer below IP, and grab ethernet frames
for itself.

Now as you see, no kind of IP-based firewall scheme will protect you
from someone who grabs passwords from raw packets on the `wire'.

- giorgos
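
The layering point in the reply above, as an added example that is not part of the original message: a constructed Ethernet frame carrying an FTP `PASS` line is decoded straight from its bytes, while the IP-layer allow rule from the quoted question is evaluated separately by the receiving host. The addresses, MACs, payload and function names are all constructed for illustration.

```python
import socket
import struct

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at 0)."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def read_frame(frame):
    """What any station that receives the frame can decode, layer by layer."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800 or frame[14 + 9] != 6:    # IPv4 carrying TCP only
        return None
    ihl = (frame[14] & 0x0F) * 4                     # IP header length in bytes
    (total_len,) = struct.unpack("!H", frame[16:18])
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4            # TCP header length in bytes
    return {"src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport,
            # cut at the IP total length so Ethernet padding is not read as data
            "payload": frame[tcp + data_off:14 + total_len]}

def firewall_accepts(pkt, local_ip, allowed_peers, port=21):
    """IP-layer rule from the quoted question: named peers only, port 21 only.
    The host owning local_ip evaluates it after the frame has crossed the link."""
    return (pkt["dst"] == local_ip and pkt["src"] in allowed_peers
            and pkt["dport"] == port)

A, B = "192.0.2.10", "192.0.2.20"                    # constructed addresses
FRAME = build_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                    A, B, 40000, 21, b"PASS constructed-example\r\n")

def demo():
    accepted_by_b = firewall_accepts(read_frame(FRAME), B, {A})
    # A third station on the same segment decodes its own copy of the frame;
    # neither A's nor B's rule set is consulted for that.
    seen_on_wire = read_frame(FRAME)["payload"]
    return accepted_by_b, seen_on_wire

if __name__ == "__main__":
    print(demo())
```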

