From: "Jan B. Koum"
To: William Woods, Justin Wolf
Cc: FreeBSD Security
Subject: Re: System beeing cracked!
Date: Sat, 29 May 1999 17:03:25 -0700
Message-ID: <19990529170325.A28298@best.com>
In-Reply-To: <000001beaa1c$3b44bf80$264b93cd@william>

On Sat, May 29, 1999 at 02:43:04PM -0700, William Woods wrote:
> > unless you have to. Don't have bpf compiled into the kernel. Get strobe
>
> OK....why is this a bad thing? I need bpf (or so I understand) to use nmap
>
> William
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

	Usually if someone cracks root on your box, they can then sniff
	the LAN for pop3/telnet/ftp passwords and compromise other systems
	on that LAN.

	On the other hand, if someone cracks root and you have LKM (or KLD)
	enabled, a skilled attacker can just insert a bpf module into a
	running system, I would guess. There is a paper on how to abuse LKM
	under Linux at:
	http://www.infowar.co.uk/thc/files/thc/LKM_HACKING.html

-- Yan
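
An added example, not part of the original message or of FreeBSD itself: shell helpers for checking the two conditions discussed above, namely whether bpf is available and whether root could still load kernel modules. The function names are hypothetical, the `ifconfig` sample is constructed, and the module check assumes FreeBSD's documented behaviour that KLD loading is refused at `kern.securelevel` 1 or higher (security(7)).

```shell
#!/bin/sh
# Added example: inputs are passed in so the logic can be exercised offline.

# Kernel module (KLD) loading is refused at kern.securelevel >= 1 (security(7)).
kld_loading_allowed() {            # $1 = output of: sysctl -n kern.securelevel
    [ "$1" -lt 1 ]
}

# A bpf device node means packet capture is available to root right now.
bpf_device_present() {             # $1 = device directory, default /dev
    for node in "${1:-/dev}"/bpf*; do
        [ -e "$node" ] && return 0
    done
    return 1
}

# Names of interfaces whose flags include PROMISC, which a sniffer normally sets.
promisc_interfaces() {             # stdin = output of: ifconfig -a
    awk '/^[^ ]+: flags=/ && /[<,]PROMISC[,>]/ { sub(/:$/, "", $1); print $1 }'
}

# One-line summary of what a root compromise would give a sniffer on this host.
sniff_exposure() {                 # $1 = securelevel, $2 = device directory
    if bpf_device_present "$2"; then
        echo "bpf present: root can sniff the LAN"
    elif kld_loading_allowed "$1"; then
        echo "no bpf, but root can still load kernel modules"
    else
        echo "no bpf and module loading is locked"
    fi
}

# Constructed sample of `ifconfig -a` output (not captured from a real host).
SAMPLE_IFCONFIG='fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000'

# On a FreeBSD host:
#   sniff_exposure "$(sysctl -n kern.securelevel)" /dev
#   ifconfig -a | promisc_interfaces
```

A capture opened without promiscuous mode does not set PROMISC, so an empty result from `promisc_interfaces` does not prove that nothing is listening.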