Date:      Mon, 08 Apr 2002 18:14:19 GMT
From:      "Peter C. Lai" <sirmoo@cowbert.2y.net>
To:        "Michael Sharp" <ms@probsd.ws>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Berkley Packet Filter
Message-ID:  <20020408181419.9260.qmail@d188h80.mcb.uconn.edu>
In-Reply-To: <1074.192.168.1.2.1018254621.squirrel@probsd.ws> 
References:  <1074.192.168.1.2.1018254621.squirrel@probsd.ws>

disabling bpf only prevents someone from running a sniffer on
*your* box should they obtain a shell. I don't see how disabling
it prevents nmap from running syn/fin scans. 

Furthermore, if someone obtains root shell, they could just
load a kernel module to enable bpf-like capabilities. 

In addition, disabling bpf also breaks DHCP (and/or PPP?). If your host gets 
an IP via DHCP (e.g. you are running dhclient(1)) you need to enable bpf. 

Michael Sharp writes: 

> It is my understanding that if you comment OUT the bpf line in the kernel
> and re-compile, this disables things like nmap and prevents a sniffer from
> running on the network * easily * correct? 
> 
> The reason I put * easily * in there is because I am aware of other ways to
> bypass bpf, but I believe disabling would defeat 99% of the script kiddies. 
> 
> Michael 
 


 -----------
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone) 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
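An added audit helper, written for this thread and not code from Peter, Michael or FreeBSD itself, that turns the three points above into checks a defender can run on a FreeBSD box: whether bpf is exposed, which interfaces are promiscuous (the usual sign of a local sniffer), and whether dhclient is running and would therefore break if bpf were removed. It assumes FreeBSD-style `ifconfig` and `ps -o comm=` output; the sample data is constructed.

```shell
#!/bin/sh
# Added example for the freebsd-security thread above, not code from the list.
# Reports (a) whether bpf is present, (b) interfaces in PROMISC mode, and
# (c) whether dhclient is running, which needs bpf as the mail notes.
# Parsers take their input as arguments so they run offline on the constructed
# samples below instead of touching the live system.

# Interfaces whose flags include PROMISC, one per line.
# $1: text in the format of FreeBSD `ifconfig`.
promisc_ifaces() {
    printf '%s\n' "$1" |
        awk '/^[a-z]+[0-9]+: flags=.*[<,]PROMISC[,>]/ { sub(":", "", $1); print $1 }'
}

# Succeeds if a dhclient process appears in `ps -ax -o comm=` style output.
# $1: one command name per line.
dhclient_running() {
    printf '%s\n' "$1" | grep -qx 'dhclient'
}

# One-line verdict on what disabling bpf would and would not achieve.
# $1: "yes" or "no" for a bpf device node, $2: ifconfig text, $3: ps command list.
bpf_verdict() {
    promisc=$(promisc_ifaces "$2" | tr '\n' ' ')
    if dhclient_running "$3"; then
        dhcp="dhclient running, removing bpf would break DHCP"
    else
        dhcp="no dhclient, DHCP not affected"
    fi
    if [ -n "$promisc" ]; then
        sniff="promiscuous: ${promisc% }"
    else
        sniff="no promiscuous interfaces"
    fi
    echo "bpf=$1; $sniff; $dhcp; remote scans (nmap) unaffected either way"
}

# Constructed sample data, not captured from a real host.
SAMPLE_IFCONFIG='em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:01
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384'
SAMPLE_PS='init
dhclient
sshd'

# Live use on FreeBSD (older kernels expose /dev/bpf0, newer ones /dev/bpf):
#   bpf=$({ [ -c /dev/bpf ] || [ -c /dev/bpf0 ]; } && echo yes || echo no)
#   bpf_verdict "$bpf" "$(ifconfig)" "$(ps -ax -o comm=)"
bpf_verdict yes "$SAMPLE_IFCONFIG" "$SAMPLE_PS"
```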