Date: Thu, 12 Dec 1996 14:07:01 -0500 (EST) From: Brian Tao <taob@io.org> To: David Greenman <dg@root.com> Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system) Message-ID: <Pine.BSF.3.95.961212140255.27209A-100000@nap.io.org> In-Reply-To: <199612110432.UAA10905@root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 10 Dec 1996, David Greenman wrote:
>
> The moral of the story for me was never to put bpf in a "public"
> server's kernel. I hope you've learned the same lesson. :-)
Indeed I have. :)
> Right, and if you have machines co-located, be sure to always give them
> their own switch port - never connect them to a shared hub.
We have that already, and as soon as equipment space and logistics
allow it, the customer servers will be sitting on their own Ethernet
port on the Cisco in case we want to do filtering or packet
accounting. No customer has root access on their own machines either.
> You should also strongly encourage the use of ssh whenever doing
> remote logins. We've taken all of these precautions at Walnut Creek
> CDROM...
Everyone on staff here has already gotten into the habit of doing
so, and it was made much easier now that F-Secure has released 1.0 of
their SSH client for Windows.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961212140255.27209A-100000>