RE: tcpdump installation on unix firewall?
Ryan Russell (Ryan.Russell
sybase.com)
Mon, 6 Sep 1999 18:01:46 -0700
>Well tcpdump requires root privilege or needs to be setuid root, or
>run as root, in order to set promisc mode and run correctly. So
>just having it on the firewall won't do you any harm if you remove
>the setuid bit (probably disabled by default anyways).
Haven't tried the setuid thing with TCPDump. It's definitely not on by default.
That would be a Bad Thing (tm).
I did try this once with snoop on a Solaris 2.6 box. It refused to run.
Mixed feelings about that... I can appreciate the reasoning...
but I don't always appreciate tools saving me from myself.
>3DES encrypting a firewall tools directory might be going a little
>too far. You should always pay attention to local security. But
>generally speaking, if someone has access to your machine other than
>the proper authorities - game over, dude.
Indeed.
I attended MJR's talk at Blackhat recently. I really enjoyed the part
about custom burglar alarms and booby traps. Anyone considered
leaving TCPDump there on purpose, and running Antisniff on a
neighboring machine?
Ryan