From owner-freebsd-security Tue Dec 10 23:17:18 1996
Return-Path:
Received: (from root@localhost)
        by freefall.freebsd.org (8.8.4/8.8.4) id XAA23371
        for security-outgoing; Tue, 10 Dec 1996 23:17:18 -0800 (PST)
Received: from silver.sms.fi (root@silver.sms.fi [194.111.122.17])
        by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA23366
        for ; Tue, 10 Dec 1996 23:17:15 -0800 (PST)
Received: (from pete@localhost)
        by silver.sms.fi (8.7.6/8.7.3) id JAA01999;
        Wed, 11 Dec 1996 09:16:58 +0200 (EET)
Date: Wed, 11 Dec 1996 09:16:58 +0200 (EET)
Message-Id: <199612110716.JAA01999@silver.sms.fi>
From: Petri Helenius
To: Brian Tao
Cc: FREEBSD-SECURITY-L
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-Reply-To:
References: <9612101452.AA21942@halloran-eldar.lcs.mit.edu>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Tao writes:
> What are people's feelings on enabling devices like bpf or snp
> in the kernel on a public server? Obviously, had I not compiled bpf
> into the shell and Web server kernels, this particular incident would
> never have happened. However, I like to have access to tcpdump to
> check for things like ping floods, and trafshow to see where bytes are
> being sent.
>

I think one consideration here is that to run some of the desired
functionality, like dhcpd, you need to have them.

Pete