From owner-freebsd-security Thu Dec 12 17:37:53 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id RAA00660 for security-outgoing; Thu, 12 Dec 1996 17:37:53 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id RAA00651 for ; Thu, 12 Dec 1996 17:37:51 -0800 (PST)
Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id RAA18456 for ; Thu, 12 Dec 1996 17:37:50 -0800 (PST)
Received: (from softweyr@localhost) by xmission.xmission.com (8.8.4/8.7.5) id SAA21478; Thu, 12 Dec 1996 18:35:44 -0700 (MST)
From: Softweyr LLC
Message-Id: <199612130135.SAA21478@xmission.xmission.com>
Subject: Re: Risk of having bpf0?
To: jhupp@gensys.com (Jeff Hupp)
Date: Thu, 12 Dec 1996 18:35:43 -0700 (MST)
Cc: lithium@cia-g.com, security@freebsd.org
In-Reply-To: <199612121501.JAA23109@black.gensys.com> from "Jeff Hupp" at Dec 12, 96 09:01:46 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Stephen Fisher bound electrons in the following form::
: Can't the hacker just recompile the kernel with bpf support and then use
: it, though?

Jeff Hupp wittily replied:
> I notice when one of my systems reboots.
>
> Leaving bpf in a public machine connected to the internet is a bit
> like leaving a loaded gun in a public place ~ you are largely responsible
> for what happens.

Also, a good security monitoring program will notice *new* devices in
the kernel (since the last run, or update of the database) and warn you
about them. No, I don't know of one for FreeBSD that does this, but it
would make a great M.S. non-thesis project. ;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.xmission.com/~softweyr softweyr@xmission.com
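The check described in the message above (warn about devices that were not present at the last run or database update), as an added example that is not part of the original message or of any FreeBSD tool. It assumes a system where kernel devices appear as nodes under `/dev` (as with devfs); the function names, the JSON baseline file and the `WATCHED` prefix list are illustrative choices.

```python
import json
import os
import stat

WATCHED = ("bpf",)  # assumption: name prefixes that deserve a louder alert, per this thread


def snapshot(dev_dir="/dev"):
    """Return {relative path: "c" or "b"} for every device node under dev_dir."""
    nodes = {}
    for root, _dirs, files in os.walk(dev_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # node disappeared between listing and stat
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                nodes[os.path.relpath(path, dev_dir)] = "c" if stat.S_ISCHR(mode) else "b"
    return nodes


def new_devices(baseline, current):
    """Warnings for nodes that are in current but were not in the baseline."""
    warnings = []
    for name in sorted(set(current) - set(baseline)):
        level = "ALERT" if os.path.basename(name).startswith(WATCHED) else "new"
        warnings.append(f"{level}: device {name} ({current[name]}) not in baseline")
    return warnings


def check(db_path, dev_dir="/dev", update=False):
    """Compare dev_dir with the stored baseline; write it on first run or when update=True."""
    current = snapshot(dev_dir)
    first_run = not os.path.exists(db_path)
    warnings = []  # on the first run there is nothing to compare against yet
    if not first_run:
        with open(db_path) as fh:
            warnings = new_devices(json.load(fh), current)
    if update or first_run:
        with open(db_path, "w") as fh:
            json.dump(current, fh, indent=1, sort_keys=True)
    return warnings


if __name__ == "__main__":
    # Constructed sample data: a baseline, then the same host after a different kernel boots.
    before = {"null": "c", "ttyv0": "c", "ada0": "b"}
    after = dict(before, bpf0="c", tun0="c")
    print("\n".join(new_devices(before, after)))
```

The baseline file is only as trustworthy as its storage: keep it (and the script) somewhere an intruder with root on the monitored host cannot rewrite, such as read-only media or a separate log host.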