On Fri, Jan 04, 2002 at 10:09:36PM -0600, Dominic J. Eidson wrote: > Except for the fact that you have to be root to "throw the NIC in > promiscuous mode" - and if you're on a shared hosting server, chances that > some other pimply-faced dipshit teenager has root access on the box (who > CARES enough to waste his time sniffing traffic), would IMHO, be small.
Nooo... it can be done by being root. It can also by being able to read the bpf-device, which is an easy way to give people access to sniffer-tools without having to worry about root-access. For example, all the bpf-devices on my computers are like: crw-r----- 1 root network 23, 0 Dec 25 02:52 /dev/bpf0 crw-r----- 1 root network 23, 1 Dec 25 02:52 /dev/bpf1 crw-r----- 1 root network 23, 2 Dec 25 02:52 /dev/bpf2 crw-r----- 1 root network 23, 3 Dec 25 02:52 /dev/bpf3 Put the people who need to have access to tcpdump in the group network and you're done. Furthermore, all your favourite windows machines don't have the limitation regarding access, they just open it and they're happy. > > I would love to use SSH instead. > > It's just a game. Distinctly different from compromising the entire > server. It's just a game, but making this is a challange too. I think you just want to prevent that you can't sniff other peoples passwords :-) Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org [EMAIL PROTECTED] | Interested in MUDs? Visit Fatal Dimensions: ------------------+ http://www.FatalDimensions.org/
