Date:      Wed, 11 Dec 1996 18:21:24 -0500 (EST)
From:      spork <spork@super-g.com>
To:        Brian Tao <taob@io.org>
Cc:        Nate Williams <nate@mt.sri.com>, FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
Message-ID:  <Pine.BSF.3.95.961211181928.12046A-100000@super-g.inch.com>
In-Reply-To: <Pine.BSF.3.95.961211172853.9494e-100000@nap.io.org>

Another thing to note is that some switched hubs support a nice feature
called "port mirroring" that lets you (depending on $$ paid for switch)
mirror all traffic on all (or selected) ports to an extra port where you
plug in your monitoring station and sniff away...

Charles

On Wed, 11 Dec 1996, Brian Tao wrote:

> On Wed, 11 Dec 1996, Nate Williams wrote:
> > 
> > I would *certainly* disable BPF on a public server.  You can always use
> > another box to look at packets that isn't publicly available.
> 
>     The servers here are all on switched ports, so I can't monitor
> all packets on the LAN.  I suppose that was one saving grace which
> prevented the attacker from doing more damage than he did.  I think
> the best thing to do is disable bpf, and set up a management station
> on the router segment to watch the packets.
> --
> Brian Tao (BT300, taob@io.org, taob@ican.net)
> Senior Systems and Network Administrator, Internet Canada Corp.
> "Though this be madness, yet there is method in't"
> 
> 