Date: Wed, 11 Dec 1996 00:51:45 -0600 (CST) From: Brian Mitchell <brian@saturn.net> To: Brian Tao <taob@io.org> Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system) Message-ID: <Pine.BSI.3.95.961211005032.252A-100000@redmare.com> In-Reply-To: <Pine.BSF.3.95.961210215417.9494P-100000@nap.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Dec 1996, Brian Tao wrote: > What are people's feelings on enabling devices like bpf or snp > in the kernel on a public server? Obviously, had I not compiled bpf > into the shell and Web server kernels, this particular incident would > never have happened. However, I like to have access to tcpdump to > check for things like ping floods, and trafshow to see where bytes are > being sent. If you disable it, remember to take lkm out with it. > > I know this depends entirely on your local setup, and every site > has different policies, but I'd like to hear if anyone has strong > feelings about "enabled" kernels or proposed solutions (i.e., an > option to make bpf work only for processes run on the console). all machines clearly dont need bpf, maybe a single machine (admin machine) with it enabled to monitor the network, but the public machines should probably have it disabled. Brian Mitchell / brian@saturn.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.961211005032.252A-100000>