Date:      Tue, 25 Apr 2000 08:21:46 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        James Wyatt <jwyatt@rwsystems.net>
Cc:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Alex Michlin <alex@delete.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: egd vs /dev/random on FBSD 
Message-ID:  <200004251522.IAA03533@cwsys.cwsent.com>
In-Reply-To: Your message of "Mon, 24 Apr 2000 13:44:41 CDT." <Pine.BSF.4.10.10004241331340.748-100000@bsdie.rwsystems.net> 

In message <Pine.BSF.4.10.10004241331340.748-100000@bsdie.rwsystems.net>, James Wyatt writes:
> On Mon, 24 Apr 2000, Cy Schubert - ITSD Open Systems Group wrote:
> > In message <Pine.BSF.4.10.10004211424240.5248-100000@cx638115-d.sthngtn1.ct.home.com>, Alex Michlin writes:
> > > How can a hacker enable promiscuous mode through an ftp connection?
> > > I did a `last` to see who, if anyone, logged on and the only logon I saw
> > > was an ftp connection from an @home machine.  I don't see any extra
> > > programs running on the machine.  Do I need to be concerned about telnet
> > > passwords, etc?
> > > 
> > > Apr 20 13:10:12 hostname /kernel: xl0: promiscuous mode enabled
> > 
> > Are you sure it's a hacker?  Do these "events" coincide with other 
> > events, e.g. system boot, an application starting, etc.?  For example, 
> > we use an application called egd (entropy gathering daemon) on our 
> > servers on our raised floors, which puts the interfaces into 
> > promiscuous mode, among other entropy gathering things done, just after 
> > boot to initially set up its entropy pool.  Therefore I can directly 
> > correlate promiscuous mode with system boot.
> 
> I thought that /dev/random was good enough on FreeBSD, given a reasonably
> busy IRQ (no problem around here!). I have to run egd on an AIX box to get
> a reasonable amount of entropy - and still can't get GPG to compile quite
> right on it... - Jy@

We use egd on our Suns and Alphas.  On our FreeBSD systems we use 
/dev/random.

There was a whole discussion about this on -security or -stable about a 
year ago regarding which interrupts were best to use which might have a 
better chance of causing the system to crash.  Keyboards were O.K., 
disk controllers and NIC cards were generally not O.K.  Can FreeBSD-4 
handle more interrupt latency than [23].x did (cannot recall whether 
the thread was talking about FreeBSD-2 or 3)?


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
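
The correlation suggested in the quoted reply above (does "promiscuous mode enabled" coincide with system boot?), as an added example that is not part of the original message. The boot-banner pattern, the five-minute window, the year, and every sample line except the Apr 20 one quoted in the thread are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample; only the Apr 20 line is the one quoted in the thread.
SAMPLE_LOG = """\
Apr 19 07:02:10 hostname /kernel: FreeBSD 4.0-RELEASE #0: constructed banner
Apr 19 07:02:41 hostname /kernel: xl0: promiscuous mode enabled
Apr 19 07:03:05 hostname /kernel: xl0: promiscuous mode disabled
Apr 20 13:10:12 hostname /kernel: xl0: promiscuous mode enabled
"""

# Traditional syslog line: "Mon DD HH:MM:SS host tag: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")
PROMISC = re.compile(r"^(\w+): promiscuous mode (enabled|disabled)$")
# Assumption: a kernel message starting with "FreeBSD <version>" marks a boot.
BOOT = re.compile(r"^FreeBSD \S+")


def parse(log, year=2000):
    """Yield (timestamp, tag, message); syslog omits the year, so it is assumed."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)


def classify(log, window=timedelta(minutes=5)):
    """Label each 'promiscuous mode enabled' event as 'boot' if it falls
    within `window` after the most recent boot banner, else 'unexplained'."""
    last_boot = None
    findings = []
    for ts, tag, msg in parse(log):
        if not tag.endswith("kernel"):
            continue
        if BOOT.match(msg):
            last_boot = ts
            continue
        m = PROMISC.match(msg)
        if m and m.group(2) == "enabled":
            near = last_boot is not None and ts - last_boot <= window
            findings.append((ts, m.group(1), "boot" if near else "unexplained"))
    return findings


if __name__ == "__main__":
    for ts, iface, verdict in classify(SAMPLE_LOG):
        print(ts.isoformat(), iface, verdict)
```

An "unexplained" result only means no boot banner preceded the event within the window; the next step is to check what was started at that time (a sniffer, egd, tcpdump and similar tools all set the flag).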