:> BTW, I wrote this section because a hacker actually installed the bpf
:> device via the module loader during one of the root compromises at BEST,
:> a year or two ago. He had gotten it from a hackers cookbook of exploits
:> which he conveniently left on-disk long enough for our daily backups to
:> catch it :-).
:
:This doesn't actually help the attacker much, since at that point in
:time the network drivers wouldn't have been calling the bpf tap points,
:so it might well have been loaded, but it wouldn't have been _doing_
:anything useful.

Whatever it was, it was recording packets. This was a year or so ago;
I don't have the code handy.

-Matt
Matthew Dillon
<[EMAIL PROTECTED]>

