From owner-freebsd-security Tue Apr 25 8:24: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 75E3637BDBC for ; Tue, 25 Apr 2000 08:24:04 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA29451; Tue, 25 Apr 2000 08:23:27 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda29449; Tue Apr 25 08:23:19 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id IAA07556; Tue, 25 Apr 2000 08:23:18 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdiC7535; Tue Apr 25 08:22:30 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.3/8.9.1) id IAA03533; Tue, 25 Apr 2000 08:22:30 -0700 (PDT) Message-Id: <200004251522.IAA03533@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdPj3527; Tue Apr 25 08:21:46 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: James Wyatt Cc: Cy Schubert - ITSD Open Systems Group , Alex Michlin , freebsd-security@FreeBSD.ORG Subject: Re: egd vs /dev/random on FBSD In-reply-to: Your message of "Mon, 24 Apr 2000 13:44:41 CDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 25 Apr 2000 08:21:46 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , James Wyatt writes: > On Mon, 24 Apr 2000, Cy Schubert - ITSD Open Systems Group wrote: > > In message .hom > > e.com>, Alex Michlin writes: > > > How can a hacker enable promiscious mode though an ftp connection? > > > I did a `last` to see who, if anyone, logged on and the only logon I saw > > > was an ftp connection from an @home machine. I don't see any extra > > > programs running on the machine. Do I need to be concerned about telnet > > > passwords, etc? > > > > > > Apr 20 13:10:12 hostname /kernel: xl0: promiscuous mode enabled > > > > Are you sure it's a hacker? Do these "events" coincide with other > > events, e.g. system boot, an application starting, etc.? For example, > > we use an application called egd (entropy gathering daemon) on our > > servers on our raised floors, which puts the interfaces into > > promiscuous mode, among other entropy gathering things done, just after > > boot to initially set up its entropy pool. Therefore I can directly > > correlate promiscuous mode with system boot. > > I thought that /dev/random was good enough on FreeBSD, given a reasonably > busy IRQ (no problem around here!). I have to run egd on an AIX box to get > a reasonable amount of entropy - and still can't get GPG to compile quite > right on it... - Jy@ We use egd on our Suns and Alphas. On our FreeBSD systems we use /dev/random. There was a whole discussion about this on -security or -stable about a year ago regarding which interrupts were best to use which might have a better chance of causing the system to crash. Keyboards were O.K., disk controllers and NIC cards were generally not O.K. Can FreeBSD-4 handle more interrupt latency than [23].x did (cannot recall whether the thread was talking about FreeBSD-2 or 3)? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message