[sorry for he prev' unfinished mail. bad keystrokes....]
Hi Ron,
At 11:12 31/08/00 +0800, Ronneil Camara wrote:
>Exagerated? Can you explain why?
I mean that while sniffing your lan packets is easy, this is not the case
for networks not (physically) connected to yours.
>Root access to sniff packets? I totally disagree! I am running ethereal as a
>normal user and I can grab packets from our LAN. I even tried changing my ip
>subnet but still, I was able to sniff packets. :-)
From the README file of ethereal:
"In order to capture packets from the network, you need to be running as root,
or have access to the apropriate entry under /dev if your system is so inclined
(BSD-derived systems, and systems such as Solaris and HP-UX ....). Although
it might be tempting to make Ethereal executable setuid root, please don't -
alpha code is by nature not very robust, and liable to contain security holes".
so, if you are able to run ethereal with a "normal" user account, then at
some time,
some user wih root privileges did something to allow it. If this is not
true, then
your OS don't get in the "respectable" class I cited (this is not an attack
against any OS,
and it doesn't mean the OS is bad. read it in and only in the discussed
context).
>Could be but I guess you can setup some remote machines to put install
>sniffing tools. COMPROMISED.
which enters in the "unless someone manages to run a packet ...."
and that's the sense of my "exagerated" qualifier. I mean, that's not
as easy as running a sniffer on one's machine.
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
