Date:      Sat, 29 May 1999 17:03:25 -0700
From:      "Jan B. Koum " <jkb@best.com>
To:        William Woods <wwoods@cybcon.com>, Justin Wolf <jjwolf@bleeding.com>
Cc:        FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject:   Re: System beeing cracked!
Message-ID:  <19990529170325.A28298@best.com>
In-Reply-To: <000001beaa1c$3b44bf80$264b93cd@william>; from William Woods on Sat, May 29, 1999 at 02:43:04PM -0700
References:  <006201bea999$ee5e4b00$06c3fe90@cisco.com> <000001beaa1c$3b44bf80$264b93cd@william>

On Sat, May 29, 1999 at 02:43:04PM -0700, William Woods <wwoods@cybcon.com> wrote:
> > unless you have to.  Don't have bpf compiled into the kernel.  Get strobe
> 
> OK....why is this a bad thing? I need bpf (or so I understand) to use nmap
> 
> William

	Usually if someone cracks root on your box, they can then sniff the
LAN for pop3/telnet/ftp passwords and compromise other systems on that LAN.

On the other hand, if someone cracks root and you have LKM (or KLD) enabled,
a skilled attacker can just insert a bpf module into a running system, I
would guess. There is a paper on how to abuse LKM under Linux at:

http://www.infowar.co.uk/thc/files/thc/LKM_HACKING.html

-- Yan

