Date: Tue, 16 Jul 2002 08:32:54 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: David Banning <david@skytrackercanada.com>
Cc: questions@FreeBSD.ORG
Subject: Re: security question - tcpdump
Message-ID: <20020716073254.GB34849@happy-idiot-talk.infracaninophi>
In-Reply-To: <20020716023715.A22086@skytrackercanada.com>
References: <20020716023715.A22086@skytrackercanada.com>
On Tue, Jul 16, 2002 at 02:37:15AM -0400, David Banning wrote:
> I am trying to determine how people would read my port info and
> pickup passwords and such. From everything I have read so far
> about tcpdump and similar programs, doesn't the program have to be
> run as root from -within- your system?

On FreeBSD systems it just has to be run as a user with read access to /dev/bpf?. By default, that is root only.

Yes, running tcpdump on the target system is probably most effective, as you'll capture the most traffic. Running it on the systems you're connecting to or on routers between those end points is almost as good.

If you, or any of the networks your packets traverse, are using a hub rather than a switch, then another machine on one of those networks would work very well. Even if you're on a switched network, you can play tricks with arp to fool the switch into sending you a copy of the traffic for another host.

In short, if you don't have complete control over the whole network path, and generally even if you do, use cryptography to protect your sensitive data.

As for working out what ports are open or closed on your machine, check out the security/nmap port. If there is any sort of network access to your systems, it's extremely difficult to prevent someone scanning you and mapping out what IP numbers are in use and what open ports there are. It's considerably easier to make it impossible for anyone to do that without leaving obvious traces in log files. The best strategy is to scan your own machines yourself and make sure that you only leave open the ports belonging to the servers you actually need, and that those servers are adequately secured.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   26 The Paddocks
                                                  Savill Way
Tel: +44 1628 476614                              Marlow
Fax: +44 0870 0522645                             Bucks., SL7 1TH UK
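The "scan your own machines and only leave open what you need" advice above, turned into a repeatable check. This is an added example, not code from the thread or from nmap: it parses nmap's greppable (-oG) output and reports open ports that are not on a per-host allow-list. The report text and the allow-list are constructed sample data; the IPs and hostnames are hypothetical.

```python
"""Audit an nmap greppable (-oG) report against a per-host allow-list of ports."""

# Constructed sample of nmap -oG output (not a real scan; fields are tab-separated).
SAMPLE_REPORT = (
    "# Nmap scan initiated as: nmap -sS -oG - 192.0.2.10 192.0.2.11\n"
    "Host: 192.0.2.10 (mail.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (mail.example.test)\tPorts: 22/open/tcp//ssh///, "
    "25/open/tcp//smtp///, 111/open/tcp//rpcbind///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///"
    "\tIgnored State: closed (998)\n"
    "# Nmap done: 2 IP addresses (2 hosts up) scanned\n"
)

# Hypothetical policy: the ports each host is supposed to have open.
ALLOWED = {
    "192.0.2.10": {("tcp", 22), ("tcp", 25)},
    "192.0.2.11": {("tcp", 22)},
}

def parse_grepable(text):
    """Return {host: {(proto, port): (state, service)}} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment lines and anything that is not a host record
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next((f for f in fields if f.startswith("Ports: ")), None)
        if ports_field is None:
            continue  # "Status: Up" lines carry no port data
        entries = hosts.setdefault(host, {})
        for entry in ports_field[len("Ports: "):].split(", "):
            # entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.split("/")
            entries[(parts[2], int(parts[0]))] = (parts[1], parts[4])
    return hosts

def unexpected_open_ports(report, allowed):
    """Return {host: sorted [(proto, port, service)]} for open ports not in the allow-list."""
    findings = {}
    for host, ports in parse_grepable(report).items():
        extra = sorted(
            (proto, port, svc)
            for (proto, port), (state, svc) in ports.items()
            if state == "open" and (proto, port) not in allowed.get(host, set())
        )
        if extra:
            findings[host] = extra
    return findings

if __name__ == "__main__":
    for host, extra in unexpected_open_ports(SAMPLE_REPORT, ALLOWED).items():
        for proto, port, svc in extra:
            print(f"{host}: unexpected open {port}/{proto} ({svc or 'unknown'})")
```

On a real run, feed it the output of `nmap -oG -` against your own hosts; only ports in state `open` are compared, so `filtered` or `closed` entries never trip the check.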