Date:      Tue, 16 Jul 2002 08:32:54 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        David Banning <david@skytrackercanada.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: security question - tcpdump
Message-ID:  <20020716073254.GB34849@happy-idiot-talk.infracaninophi>
In-Reply-To: <20020716023715.A22086@skytrackercanada.com>
References:  <20020716023715.A22086@skytrackercanada.com>

On Tue, Jul 16, 2002 at 02:37:15AM -0400, David Banning wrote:
> I am trying to determine how people would read my port info and
> pickup passwords and such. From everything I have read so far
> about tcpdump and similar programs, doesn't the program have to be
> run as root from -within- your system?

On FreeBSD systems it just has to be run as a user with read access to
/dev/bpf?.  By default, that is root only.

Yes, running tcpdump on the target system is probably most effective,
as you'll capture the most traffic.  Running it on the systems you're
connecting to or on routers between those end points is almost as
good.  If you, or any of the networks your packets traverse, are using
a hub rather than a switch, then another machine on one of those
networks would work very well.  Even if you're on a switched network,
you can play tricks with arp to fool the switch into sending you a
copy of the traffic for another host.

In short, if you don't have complete control over the whole network
path, and generally even if you do, use cryptography to protect your
sensitive data.

As for working out what ports are open or closed on your machine,
check out the security/nmap port.  If there is any sort of network
access to your systems, it's extremely difficult to prevent someone
scanning you and mapping out what IP numbers are in use and what open
ports there are.  It's considerably easier to make it impossible for
anyone to do that without leaving obvious traces in log files.  The
best strategy is to scan your own machines yourself and make sure that
you only leave open the ports belonging to the servers you actually
need, and that those servers are adequately secured.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
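The last paragraph of the reply recommends auditing your own hosts and leaving only the ports of servers you actually need. The script below is an added illustration of that audit, not code from the post or from FreeBSD: it parses the output of FreeBSD's `sockstat -4l` (listening IPv4 sockets), ignores sockets bound only to loopback, and reports every remaining listener whose proto/port pair is not on an allowlist you maintain. The `sockstat` text embedded here is a constructed sample, not a capture from a real host.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4l` output (not captured from a real host).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   4  tcp4   *:22                  *:*
root     sendmail   701   5  tcp4   127.0.0.1:25          *:*
www      httpd      812   3  tcp4   *:80                  *:*
root     inetd      544   6  tcp4   *:23                  *:*
root     syslogd    420   5  udp4   *:514                 *:*'

# unexpected_listeners SOCKSTAT_TEXT ALLOWLIST
#   ALLOWLIST is a space-separated list of proto/port pairs, e.g. "tcp4/22 tcp4/80".
#   Prints one line per listener that is reachable from the network (not bound to
#   127.0.0.1) and not on the allowlist, as "<proto>/<port> <command> (user <user>)".
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NR == 1 { next }                 # skip the sockstat header line
        {
            proto = $5; local = $6
            port = local; sub(/.*:/, "", port)      # text after the last colon
            addr = local; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (addr == "127.0.0.1") next           # loopback only; not reachable remotely
            key = proto "/" port
            if (!(key in ok)) printf "%s %s (user %s)\n", key, $2, $1
        }'
}

# count_unexpected SOCKSTAT_TEXT ALLOWLIST
#   Number of findings, as a bare integer (BSD wc pads with spaces, so strip them).
count_unexpected() {
    unexpected_listeners "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run: with only sshd and httpd allowed, telnet (inetd) and syslogd stand out.
unexpected_listeners "$SAMPLE_SOCKSTAT" "tcp4/22 tcp4/80"
```

On a real FreeBSD host you would feed it live data with `unexpected_listeners "$(sockstat -4l)" "tcp4/22 tcp4/80"`; anything it prints is a service that is either unneeded (disable it in `/etc/inetd.conf` or `/etc/rc.conf`) or missing from your allowlist, and either way worth a look before an outside scanner finds it first. IPv6 listeners would need the same treatment with `sockstat -6l` and `::1` as the loopback address.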
