From: Peter C. Lai (sirmoocowbert.2y.net)
Date: Mon Apr 08 2002 - 13:14:19 CDT
Disabling bpf only prevents someone from running a sniffer on
*your* box should they obtain a shell. I don't see how disabling
it prevents nmap from running syn/fin scans.
Furthermore, if someone obtains root shell, they could just
load a kernel module to enable bpf-like capabilities.
In addition, disabling bpf also breaks DHCP (and/or PPP?). If your host gets
an IP via DHCP (e.g., you are running dhclient(1)) you need to enable bpf.
Michael Sharp writes:
> It is my understanding that if you comment OUT the bpf line in the kernel
> and re-compile, this disables things like nmap and prevents a sniffer from
> running on the network * easily * correct?
> The reason I put * easily * in there is because I am aware of other ways to
> bypass bpf, but I believe disabling would defeat 99% of the script kiddies.
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant