From: Peter C. Lai (sirmoocowbert.2y.net)
Date: Mon Apr 08 2002 - 13:14:19 CDT

    disabling bpf only prevents someone from running a sniffer on
    *your* box should they obtain a shell. I don't see how disabling
    it prevents nmap from running syn/fin scans.

    Furthermore, if someone obtains root shell, they could just
    load a kernel module to enable bpf-like capabilities.

    In addition, disabling bpf also breaks DHCP (and/or PPP?). If your host gets
    an IP via DHCP (e.g. you are running dhclient(1)) you need to enable bpf.

    Michael Sharp writes:

    > It is my understanding that if you comment OUT the bpf line in the kernel
    > and re-compile, this disables things like nmap and prevents a sniffer from
    > running on the network * easily * correct?
    >
    > The reason I put * easily * in there is because I am aware of other ways to
    > bypass bpf, but I believe disabling would defeat 99% of the script kiddies.
    >
    > Michael
    >
    > To Unsubscribe: send mail to majordomo@FreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message
     

     -----------
    Peter C. Lai
    University of Connecticut
    Dept. of Residential Life | Programmer
    Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
    http://cowbert.2y.net/
    860.427.4542 (Room)
    860.486.1899 (Lab)
    203.206.3784 (Cellphone)

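The DHCP breakage Peter points out is easy to audit before a kernel rebuild. The script below is an added example, not code from the thread or from FreeBSD: it checks whether a kernel configuration file still has an active `device bpf` line and, if not, whether rc.conf configures any interface for DHCP (which dhclient(8) cannot serve without /dev/bpf). The file names, paths and their contents are constructed samples; the only FreeBSD conventions assumed are the `device bpf` kernel-config line and `ifconfig_<if>="DHCP"` / `"SYNCDHCP"` in rc.conf.

```shell
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD kernel config against
# rc.conf for the breakage described above: "device bpf" commented out while
# an interface is configured for DHCP. All paths and file contents below are
# constructed samples.

# Return 0 if the kernel config keeps bpf, 1 if it is absent or commented out.
# A line beginning with '#' (e.g. "#device bpf") does not count.
kernel_has_bpf() {
    grep -Eq '^[[:space:]]*device[[:space:]]+bpf([[:space:]]|$)' "$1"
}

# Print the interface names whose rc.conf ifconfig_* entry requests DHCP
# (either "DHCP" or "SYNCDHCP"), one per line.
dhcp_interfaces() {
    sed -n -E 's/^ifconfig_([A-Za-z0-9_]+)="?(SYNC)?DHCP.*$/\1/p' "$1"
}

# audit_bpf_dhcp KERNCONF RCCONF
#   returns 0 when consistent (bpf present, or no DHCP interfaces)
#   returns 1 when bpf is disabled but DHCP is configured
audit_bpf_dhcp() {
    if kernel_has_bpf "$1"; then
        return 0
    fi
    ifaces=$(dhcp_interfaces "$2")
    if [ -n "$ifaces" ]; then
        echo "bpf disabled in $1 but DHCP configured for: $ifaces" >&2
        return 1
    fi
    return 0
}

# Constructed sample files so the script runs stand-alone.
TMP=${TMPDIR:-/tmp}/bpf-audit.$$
mkdir -p "$TMP"
cat > "$TMP/KERNEL-nobpf" <<'EOF'
ident       HARDENED
#device     bpf     # Berkeley packet filter (commented out)
device      ether
EOF
cat > "$TMP/KERNEL-bpf" <<'EOF'
ident       GENERIC
device      bpf     # Berkeley packet filter
device      ether
EOF
cat > "$TMP/rc.conf" <<'EOF'
hostname="example.test"
ifconfig_em0="DHCP"
ifconfig_em1="inet 192.0.2.10 netmask 255.255.255.0"
EOF

# Stand-alone run: the GENERIC-style config passes, the hardened one is flagged.
for k in "$TMP/KERNEL-bpf" "$TMP/KERNEL-nobpf"; do
    if audit_bpf_dhcp "$k" "$TMP/rc.conf"; then
        echo "OK: $k"
    fi
done
```

Run it against /usr/src/sys/<arch>/conf/YOURKERNEL and /etc/rc.conf instead of the constructed files to check a real host; a non-zero exit from `audit_bpf_dhcp` means the rebuild will leave the DHCP-configured interfaces without an address.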