From owner-freebsd-security  Wed Dec 11 16:58:11 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id QAA25341
          for security-outgoing; Wed, 11 Dec 1996 16:58:11 -0800 (PST)
Received: from cube.i-pi.com (cube.i-pi.com [198.49.217.1])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id QAA25327
          for <freebsd-security@freebsd.org>; Wed, 11 Dec 1996 16:58:08 -0800 (PST)
Received: from socrates.i-pi.com (socrates.i-pi.com [198.49.217.5]) by cube.i-pi.com (8.6.12/8.6.12) with ESMTP id RAA22823; Wed, 11 Dec 1996 17:57:56 -0700
From: Kenneth Ingham <ingham@i-pi.com>
Received: (from ingham@localhost) by socrates.i-pi.com (8.8.0/8.8.0) id RAA04145; Tue, 10 Dec 1996 17:22:08 -0700 (MST)
Message-Id: <199612110022.RAA04145@socrates.i-pi.com>
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
In-Reply-To: <Pine.BSF.3.95.961210215417.9494P-100000@nap.io.org> from Brian Tao at "Dec 10, 96 09:58:09 pm"
To: taob@io.org (Brian Tao)
Date: Tue, 10 Dec 1996 17:20:37 -0700 (MST)
Cc: freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>     What are people's feelings on enabling devices like bpf or snp
> in the kernel on a public server?  
I'd not enable it on the machines likely to be targets for hacking. 
Instead, use a separate machine to do the network monitoring (I use my
laptop, but that is not the best choice for everyone).

Kenneth