Firewall Wizards mailing list archives
RE: tcpdump installation on unix firewall?
From: "LeGrow, Matt" <Matt_LeGrow () NAI com>
Date: Wed, 1 Sep 1999 11:57:05 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well tcpdump requires root privilege or needs to be setuid root, or run as root, in order to set promisc mode and run correctly. So just having it on the firewall won't do you any harm if you remove the setuid bit (probably disabled by default anyways).

3DES encrypting a firewall tools directory might be going a little too far. You should always pay attention to local security. But generally speaking, if someone has access to your machine other than the proper authorities - game over, dude.

Matt LeGrow
Network Associates, Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Note: Opinions expressed herein are most certainly NOT that of my employer:-)

- -----Original Message-----
From: Mason Begley [mailto:mbegley () concentric com]
Sent: Tuesday, August 31, 1999 2:27 PM
To: 'Siglite'; Andreas.Bolatzki () ch danzas com
Cc: firewall-wizards () nfr net
Subject: RE: tcpdump installation on unix firewall?

It doesn't matter really since tcpdump could be compiled offline and then added by a hacker later. Something that could be used for added security is to move all the tools you'll need into a directory and encrypt that dir with triple-des and only unencrypt it when it's needed.

Mason Begley
Concentric Network.

-----Original Message-----
From: Siglite [mailto:siglite () criticalstop com]
Sent: Saturday, August 28, 1999 12:57 AM
To: Andreas.Bolatzki () ch danzas com
Cc: firewall-wizards () nfr net
Subject: Re: tcpdump installation on unix firewall?

I've never run a sniffer directly on the firewall. However, I've found it extremely useful to have sniffers on both sides of it. In fact, that's generally the first place I go when I'm having a connectivity problem through the firewall.

/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/
KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

On 27 Aug 1999 Andreas.Bolatzki () ch danzas com wrote:

Hi fw-wizards

Do you consider it an utterly bad idea to install a packet sniffer on a firewall. (HP box running FW-1).

Why would I want to do this? Perhaps you know this already: If sth. is not working it's either the firewall or the network.

I need a tool to prove what's going on... Badly performing server, find out what normal traffic is for an application (data volume, traffic profile for one request....) and more of this kind.

Is there anybody out there... doing this? Does it interfere with the FW-1 software?

Thanks, Andy :-oe.

---
Andreas Bolatzki
DANZAS Management AG
Corporate IT Operations and Support
Muenchensteinerstr. 43
CH-4002 Basel, Switzerland
Tel. +41 (61) 319 8686, Fax. +41 (61) 319 8866
Internet: andreas.bolatzki () ch danzas com
X400: C=ch;A=atlas;P=danzas;O=dzchbslho;S=Bolatzki;G=Andreas

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBN813AhzV4nRUHFtQEQJDCgCg0XC8ln8Kc4a/EjUbjyumjFf5BZ4An0rW
P7drTg95N3KDXLitwn5P7leP
=W0Zz
-----END PGP SIGNATURE-----
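
An added example, not part of the original thread: a small POSIX shell audit for the setuid point raised in the reply above, listing capture tools that carry a setuid or setgid bit and optionally clearing it. The tool-name list and the directories passed in are assumptions to adapt to the host.

```shell
#!/bin/sh
# Added example: audit packet-capture binaries for setuid/setgid bits.
# SNIFFERS is an assumed list of tool names; adjust it for the platform.
SNIFFERS="tcpdump snoop"

# Print every setuid or setgid regular file under the given directories
# whose name matches one of the listed capture tools.
find_setid_sniffers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $SNIFFERS; do
            find "$dir" -type f -name "$name" \
                \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
        done
    done
}

# Clear the setuid and setgid bits on each match and print how many
# files were changed, so the tool only gets root rights when root runs it.
strip_setid() {
    find_setid_sniffers "$@" | {
        count=0
        while IFS= read -r path; do
            chmod u-s,g-s "$path" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Report only (no changes) when run with directories as arguments, e.g.
#   sh audit_sniffers.sh /usr/sbin /usr/local/sbin
if [ "$#" -gt 0 ]; then
    find_setid_sniffers "$@"
fi
```

Running the report from cron and comparing its output against an empty baseline also catches a capture tool that reappears with the bit set after a package update.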