From owner-freebsd-security  Wed Dec 11 10:36:06 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id KAA27780
          for security-outgoing; Wed, 11 Dec 1996 10:36:06 -0800 (PST)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id KAA27772
          for <freebsd-security@freebsd.org>; Wed, 11 Dec 1996 10:36:04 -0800 (PST)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id LAA13289; Wed, 11 Dec 1996 11:35:55 -0700 (MST)
Date: Wed, 11 Dec 1996 11:35:55 -0700 (MST)
Message-Id: <199612111835.LAA13289@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: Brian Tao <taob@io.org>
Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-Reply-To: <Pine.BSF.3.95.961210215417.9494P-100000@nap.io.org>
References: <9612101452.AA21942@halloran-eldar.lcs.mit.edu>
	<Pine.BSF.3.95.961210215417.9494P-100000@nap.io.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>     What are people's feelings on enabling devices like bpf or snp
> in the kernel on a public server?

I would *certainly* disable BPF on a public server.  You can always use
another box to look at packets that isn't publically available.


Nate