RE: tcpdump installation on unix firewall?

["LeGrow, Matt" <Matt_LeGrow () NAI com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well tcpdump requires root privilege or needs to be setuid root, or
run as root,  in order to set promisc mode and run correctly.  So
just having it on the firewall won't do you any harm if you remove
the setuid bit (probably disabled by default anyways).  

3DES encrypting a firewall tools directory might be going a little
too far.  You should always pay attention to local security.  But
generally speaking, if someone has access to your machine other than
the proper authorities - game over, dude.

Matt LeGrow
Network Associates, Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Note: Opinions expressed herein are most certainly NOT that of my
employer:-)


- -----Original Message-----
From: Mason Begley [mailto:mbegley () concentric com]
Sent: Tuesday, August 31, 1999 2:27 PM
To: 'Siglite'; Andreas.Bolatzki () ch danzas com
Cc: firewall-wizards () nfr net
Subject: RE: tcpdump installation on unix firewall?


It doesn't matter really since tcpdump could be compiled offline and
then
added by a hacker later. Something that could be used for added
security is
to move all the tools you'll need into a directory and encrypt that
dir with
triple-des and only unencrypt it when its needed.

Mason Begley
Concentric Network. 

 -----Original Message-----
From:   Siglite [mailto:siglite () criticalstop com] 
Sent:   Saturday, August 28, 1999 12:57 AM
To:     Andreas.Bolatzki () ch danzas com
Cc:     firewall-wizards () nfr net
Subject:        Re: tcpdump installation on unix firewall?

I've never run a sniffer directly on the firewall.  However, I've
found it
extremely usefull to have sniffers on both sides of it.  In fact,
that's
generally the first place I go when I'm having a connectivity problem
through the firewall.  

/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

On 27 Aug 1999 Andreas.Bolatzki () ch danzas com wrote:

> Hi fw-wizards
>
> Do you consider it an utterly bad idea to install a packet sniffer
> on a 
firewall. (HP box running FW-1).
> Why would I want to do this?
> Perhaps you know this already: If sth. is not working it's either
> the 
firewall or the network.
> I need a tool to proove what's going on... Badly performing server,
> find 
out what normal traffic is for an application (data volume, traffic
profile
for one request....) and more of this kind. 
> Is there anybody out there... doing this?
>
> Does it interfere with the FW-1 software?
>
> Thanks,
>
> Andy :-oe.
>
>
> ---
> Andreas Bolatzki                                                   
> DANZAS Management AG
> Corporate IT Operations and Support                    
> Muenchensteinerstr. 43
> CH-4002 Basel, Switzerland
> Tel. +41 (61) 319 8686,  Fax. +41 (61) 319 8866                 
>  Internet: andreas.bolatzki () ch danzas com
>  X400: C=ch;A=atlas;P=danzas;O=dzchbslho;S=Bolatzki;G=Andreas

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBN813AhzV4nRUHFtQEQJDCgCg0XC8ln8Kc4a/EjUbjyumjFf5BZ4An0rW
P7drTg95N3KDXLitwn5P7leP
=W0Zz
-----END PGP SIGNATURE-----