Firewall Wizards mailing list archives
RE: tcpdump installation on unix firewall?
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 6 Sep 1999 18:01:46 -0700
Well tcpdump requires root privilege or needs to be setuid root, or run as root, in order to set promisc mode and run correctly. So just having it on the firewall won't do you any harm if you remove the setuid bit (probably disabled by default anyways).
Haven't tried the setuid thing with TCPDump. It's definitely not on by default. That would be a Bad Thing (tm). I did try this once with snoop on a Solaris 2.6 box. It refused to run. Mixed feelings about that... I can appreciate the reasoning... but I don't always appreciate tools saving me from myself.
3DES encrypting a firewall tools directory might be going a little too far. You should always pay attention to local security. But generally speaking, if someone has access to your machine other than the proper authorities - game over, dude.
Indeed. I attended MJR's talk at Blackhat recently. I really enjoyed the part about custom burglar alarms and booby traps. Anyone considered leaving TCPDump there on purpose, and running Antisniff on a neighboring machine? Ryan
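A defender-side audit for the two points raised in this exchange (a capture tool left setuid on the firewall, and an interface sitting in promiscuous mode), written as an added example rather than anything posted to the list; it assumes a Linux host with sysfs and the usual tcpdump/snoop install paths.

```shell
#!/bin/sh
# Added example, not from the list thread. Checks a Linux host for
# (1) packet-capture binaries carrying the setuid bit and
# (2) interfaces flagged IFF_PROMISC (bit 0x100 of /sys/class/net/<if>/flags).
# Assumptions: Linux sysfs layout; the tool paths below are typical, not
# taken from the thread.

# is_setuid PATH -> exit 0 if PATH is a regular file with the setuid bit set
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# promisc_flags HEXFLAGS -> exit 0 if IFF_PROMISC (0x100) is set in HEXFLAGS
promisc_flags() {
    [ $(( $1 & 0x100 )) -ne 0 ]
}

# iface_promisc IFACE -> exit 0 if IFACE is currently in promiscuous mode
iface_promisc() {
    flags=$(cat "/sys/class/net/$1/flags" 2>/dev/null) || return 1
    promisc_flags "$flags"
}

# audit_capture_tools -> prints each finding; exit status is the finding count,
# so a cron job or monitoring hook can alert on a non-zero result.
audit_capture_tools() {
    findings=0
    for tool in /usr/sbin/tcpdump /usr/bin/tcpdump /usr/sbin/snoop /usr/bin/snoop; do
        if is_setuid "$tool"; then
            echo "FINDING: $tool is setuid: $(ls -ld "$tool")"
            findings=$((findings + 1))
        fi
    done
    for dev in /sys/class/net/*; do
        [ -e "$dev/flags" ] || continue
        iface=${dev##*/}
        if iface_promisc "$iface"; then
            echo "FINDING: interface $iface is in promiscuous mode"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run `audit_capture_tools` from cron and mail any output; a promiscuous interface you did not put there, or a setuid bit that appeared on tcpdump, is exactly the kind of local change the thread says should be caught.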