From owner-freebsd-security Wed Dec 11 07:41:43 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA17078 for security-outgoing; Wed, 11 Dec 1996 07:41:43 -0800 (PST)
Received: from cwsys.cwent.com (0@cschuber.net.gov.bc.ca [142.31.240.113]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id HAA17073 for ; Wed, 11 Dec 1996 07:41:36 -0800 (PST)
Received: from cwsys (1000@localhost [127.0.0.1]) by cwsys.cwent.com (8.8.4/8.6.10) with ESMTP id HAA03824; Wed, 11 Dec 1996 07:40:45 -0800 (PST)
Message-Id: <199612111540.HAA03824@cwsys.cwent.com>
Reply-to: cschuber@uumail.gov.bc.ca
X-Mailer: Xmh
To: Brian Tao
cc: FREEBSD-SECURITY-L
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-reply-to: Your message of "Tue, 10 Dec 1996 21:58:09 EST."
Date: Wed, 11 Dec 1996 07:40:38 -0800
From: Cy Schubert
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>     What are people's feelings on enabling devices like bpf or snp
> in the kernel on a public server?  Obviously, had I not compiled bpf
> into the shell and Web server kernels, this particular incident would
> never have happened.  However, I like to have access to tcpdump to
> check for things like ping floods, and trafshow to see where bytes are
> being sent.

You're better off putting these tools and enabling the kernel for them on
another machine on the network.

Regards,                       Phone:  (604)387-8437
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

        "Quit spooling around, JES do it."