Date: Mon, 8 Apr 2002 17:45:59 -0700 (PDT)
From: Jason Stone <jason@shalott.net>
To: Michael Sharp <ms@probsd.ws>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Berkley Packet Filter
Message-ID: <20020408172043.E32064-100000@walter>
In-Reply-To: <20020408202441.W3388-100000@phoenix.vh.laserfence.net>

> In short summary, I would say:
>
> For a security administrator's work station, turn it on.
> For anything else, turn it off.

Why turn it off? Does anyone still worry about sniffing? Given the
prevalence of ssh and ssl-aware clients these days, if there's any
plaintext still going over your network, your time would be better spent
fixing that.

And bpf is invaluable for debugging network-related problems. Whenever
some network-related service stops working right, the very first thing I
do is to run tcpdump to see what's going on.

Bottom line - if there's anything an attacker could gain by sniffing your
network, you already have problems. Yeah, yeah, security in layers, but
there's really no excuse to still be allowing plaintext protocols at this
stage of the game.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
    -- Mike Godwin