From owner-freebsd-security Thu Dec 12 11:14:59 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id LAA28907 for security-outgoing; Thu, 12 Dec 1996 11:14:59 -0800 (PST) Received: from ican.net (ican.net [198.133.36.9]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id LAA28902 for ; Thu, 12 Dec 1996 11:14:56 -0800 (PST) Received: from gate.ican.net(really [198.133.36.2]) by ican.net via sendmail with esmtp id for ; Thu, 12 Dec 1996 14:13:35 -0500 (EST) (Smail-3.2 1996-Jul-4 #1 built 1996-Jul-10) Received: (from smap@localhost) by gate.ican.net (8.7.5/8.7.3) id OAA23606; Thu, 12 Dec 1996 14:10:06 -0500 (EST) Received: from nap.io.org(10.1.1.3) by gate.ican.net via smap (V1.3) id sma023604; Thu Dec 12 14:10:05 1996 Received: from localhost (taob@localhost) by nap.io.org (8.7.5/8.7.3) with SMTP id OAA27248; Thu, 12 Dec 1996 14:07:02 -0500 (EST) X-Authentication-Warning: nap.io.org: taob owned process doing -bs Date: Thu, 12 Dec 1996 14:07:01 -0500 (EST) From: Brian Tao To: David Greenman cc: FREEBSD-SECURITY-L Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system) In-Reply-To: <199612110432.UAA10905@root.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 10 Dec 1996, David Greenman wrote: > > The moral of the story for me was never to put bpf in a "public" > server's kernel. I hope you've learned the same lesson. :-) Indeed I have. :) > Right, and if you have machines co-located, be sure to always give them > their own switch port - never connect them to a shared hub. We have that already, and as soon as equipment space and logistics allow it, the customer servers will be sitting on their own Ethernet port on the Cisco in case we want to do filtering or packet accounting. No customer has root access on their own machines either. > You should also strongly encourage the use of ssh whenever doing > remote logins. We've taken all of these precautions at Walnut Creek > CDROM... Everyone on staff here has already gotten into the habit of doing so, and it was made much easier now that F-Secure has released 1.0 of their SSH client for Windows. -- Brian Tao (BT300, taob@io.org, taob@ican.net) Senior Systems and Network Administrator, Internet Canada Corp. "Though this be madness, yet there is method in't"