From owner-freebsd-security  Thu Dec 12 02:29:04 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id CAA04413
          for security-outgoing; Thu, 12 Dec 1996 02:29:04 -0800 (PST)
Received: from ki1.chemie.fu-berlin.de (ki1.Chemie.FU-Berlin.DE [160.45.24.21])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id CAA04408
          for <freebsd-security@freeBSD.org>; Thu, 12 Dec 1996 02:28:59 -0800 (PST)
Received: by ki1.chemie.fu-berlin.de (Smail3.1.28.1)
	  from mail.hanse.de (193.174.9.9) with smtp
	  id <m0vY8NK-0000YcC>; Thu, 12 Dec 96 11:28 MET
Received: from wavehh.UUCP by mail.hanse.de with UUCP
	  for msmith@atrad.adelaide.edu.au id <m0vY8NJ-0004f9C@mail.hanse.de>; Thu, 12 Dec 96 11:28 MET
Received: by wavehh.hanse.de (4.1/SMI-4.1)
	id AA28380; Thu, 12 Dec 96 11:27:44 +0100
From: cracauer@wavehh.hanse.de (Martin Cracauer)
Message-Id: <9612121027.AA28380@wavehh.hanse.de>
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Thu, 12 Dec 1996 11:27:43 +0100 (MET)
Cc: cracauer@wavehh.hanse.de, freebsd-security@freeBSD.org
In-Reply-To: <199612120001.KAA29724@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Dec 12, 96 10:31:46 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

[me]
> > And in what way can BPF make spoofing easier?

[Michael Smith]
> The ability to emit arbitrary network data, subject only to the
> framing imposed by the transport hardware.

Sure. But (for me) your former statement was misleading. In context it
sounded like a machine with BPF was more vulnerable to a spoofing
attack, while you obviously meant it is easier to launch such an
attack. 

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@wavehh.hanse.de>
http://cracauer.cons.org
Fax +49 40 522 85 36