Date: Thu, 7 Mar 2002 16:57:37 +0200 From: Peter Pentchev <roam@ringlet.net> To: Michael Sharp <ms@probsd.ws> Cc: security@FreeBSD.ORG Subject: Re: Berkley Packet Filter Message-ID: <20020307165737.F377@straylight.oblivion.bg> In-Reply-To: <3744.192.168.1.2.1015512820.squirrel@probsd.ws>; from ms@probsd.ws on Thu, Mar 07, 2002 at 09:53:40AM -0500 References: <3744.192.168.1.2.1015512820.squirrel@probsd.ws>
next in thread | previous in thread | raw e-mail | index | archive | help
--MZf7D3rAEoQgPanC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 07, 2002 at 09:53:40AM -0500, Michael Sharp wrote: > If I disable; pseudo-device bpf >=20 > in the kernel, this will prevent my Ethernet Device from going into > Promiscious mode, thus preventing a sniffer from running on my machine > correct? But wont it also kill ipfw functionality? It will not really prevent your Ethernet device from going into promisc mode; all it will do is, it will disable one of the ways userland programs may snoop on (or sniff) packets going through any of your system's network interfaces (not just Ethernet). A Netgraph node or a specially-crafted kernel module could still intercept packets, but yes, disabling the Berkeley packet filter would indeed make it more difficult for the average script kiddie out there. And no, it will not affect ipfw functionality in any way. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it. --MZf7D3rAEoQgPanC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyHf+EACgkQ7Ri2jRYZRVP8ggCfUk4O/5uiL+Q5KeR5AOTl6RV+ MEoAnAx2sTaizqYE6Nbu66/F7LOE/5Up =H2bc -----END PGP SIGNATURE----- --MZf7D3rAEoQgPanC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020307165737.F377>