Date: Sat, 29 May 1999 17:03:25 -0700 From: "Jan B. Koum " <jkb@best.com> To: William Woods <wwoods@cybcon.com>, Justin Wolf <jjwolf@bleeding.com> Cc: FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: System beeing cracked! Message-ID: <19990529170325.A28298@best.com> In-Reply-To: <000001beaa1c$3b44bf80$264b93cd@william>; from William Woods on Sat, May 29, 1999 at 02:43:04PM -0700 References: <006201bea999$ee5e4b00$06c3fe90@cisco.com> <000001beaa1c$3b44bf80$264b93cd@william>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 29, 1999 at 02:43:04PM -0700, William Woods <wwoods@cybcon.com> wrote: > > unless you have to. Don't have bpf compiled into the kernel. Get strobe > > OK....why is this a bad thig? I need bpf (or so I understand) to use nmap > > William > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message Usually if someone cracks root on your box, they can then sniff the LAN for pop3/telnet/ftp passwords and compromise other systems on that LAN. On the other hand, if someone cracks root and you have LKM (or KLD) enabled, a skilled attacker can just insert a bpf module into a running system I would guess. There is a paper on how to abuse LKM under linux at: http://www.infowar.co.uk/thc/files/thc/LKM_HACKING.html -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990529170325.A28298>