>Well tcpdump requires root privilege or needs to be setuid root, or
>run as root, in order to set promisc mode and run correctly. So
>just having it on the firewall won't do you any harm if you remove
>the setuid bit (probably disabled by default anyways).
Haven't tried the setuid thing with TCPDump. It's definitely not on by default.
That would be a Bad Thing (tm).
I did try this once with snoop on a Solaris 2.6 box. It refused to run.
Mixed feelings about that... I can appreciate the reasoning...
but I don't always appreciate tools saving me from myself.
>3DES encrypting a firewall tools directory might be going a little
>too far. You should always pay attention to local security. But
>generally speaking, if someone has access to your machine other than
>the proper authorities - game over, dude.
Indeed.
I attended MJR's talk at Blackhat recently. I really enjoyed the part
about custom burglar alarms and booby traps. Anyone considered
leaving TCPDump there on purpose, and running Antisniff on a
neighboring machine?
Ryan
Received on Sep 07 1999
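The check the thread is talking about (make sure nothing in a firewall's tools directory carries the setuid or setgid bit, and clear it if it does), as an added example that is not from the original posts. It is plain POSIX shell; the directory it scans and the file names it constructs for the demo are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit a tools directory for
# setuid/setgid binaries and clear those bits. The directory path is
# whatever you pass in; the demo builds a throwaway one under mktemp.

# Print every regular file under $1 carrying the setuid or setgid bit.
find_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Clear setuid and setgid on every such file under $1, reporting each one.
strip_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | while read -r f; do
        chmod u-s,g-s "$f"
        echo "cleared s-bits on $f"
    done
}

# Demonstration on a constructed directory; no real binaries are touched.
demo() {
    d=$(mktemp -d)
    : > "$d/tcpdump";  chmod 4755 "$d/tcpdump"   # constructed: setuid
    : > "$d/snoop";    chmod 2755 "$d/snoop"     # constructed: setgid
    : > "$d/tcpslice"; chmod 0755 "$d/tcpslice"  # constructed: plain
    echo "before:"
    find_setuid "$d"
    strip_setuid "$d"
    echo "after (expect nothing):"
    find_setuid "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run it as `sh audit_setuid.sh demo` to see the constructed directory cleaned, or call `find_setuid /path/to/tools` on its own from cron so a bit that reappears after an upgrade shows up in the mail rather than in a post-mortem. Remember that a root-owned sniffer with no setuid bit still runs fine for root, which is the only user who should be starting it on a firewall.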