Firewall Wizards mailing list archives
Re: tcpdump on my firewall
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Fri, 26 Oct 2001 11:51:57 -0400 (EDT)
On Thu, 25 Oct 2001 hesselsp () ashaman dhs org wrote:
> I have had a request to put tcpdump on our firewall by one of our tech guys.
> I have told him that I will not do so, and he wants a good reason why.
a) tcpdump has had root exploits in the past, they will probably come back up again:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tcpdump

use the cve and bugtraq databases. they are your friends in such a time.

b) performance. tcpdump slows down packet processing, among other things, and on a router/gateway that's a noticeable hit.

suggestion: throw a switch in there and use the reflector port to monitor stuff with a laptop. if you are worried about the laptop getting compromised while sniffing use tcpdump at layer two. on (at least OpenBSD) ifconfig ep1 up (note no address given) and start tcpdump -ni ep1 .... works like a champ.

i hope this helps.

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
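One way to enforce the addressless sniffing interface described in the message above before a capture starts; this is an added example, not part of the original post. The function names and the sample ifconfig output are constructed for illustration, and the parser assumes BSD-style `flags=<...>` ifconfig output (anything else is refused).

```sh
#!/bin/sh
# Added example (not from the original post): gate tcpdump on the sniffing
# interface being up with no IP address, as the post recommends.

# Reads `ifconfig <if>` output on stdin. Succeeds only when the interface
# is flagged UP and has no inet/inet6 line, i.e. nothing on the monitored
# segment can address the sniffer at layer three.
has_no_address() {
    awk '
        /flags=.*[<,]UP[,>]/          { up = 1 }
        $1 == "inet" || $1 == "inet6" { addr = 1 }
        END { exit ((up && !addr) ? 0 : 1) }
    '
}

# Hypothetical wrapper: start the capture only when the check passes.
sniff() {
    if ifconfig "$1" | has_no_address; then
        tcpdump -ni "$1"
    else
        echo "refusing to sniff: $1 is down or has an IP address" >&2
        return 1
    fi
}

# Constructed sample output, OpenBSD-style: up, no address.
sample_addressless() {
    cat <<'EOF'
ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        media: Ethernet 10baseT
        status: active
EOF
}

# Constructed sample output: same interface with an address configured.
sample_addressed() {
    cat <<'EOF'
ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}

# Demo on the constructed samples only; sniff() is not called here.
for s in sample_addressless sample_addressed; do
    if $s | has_no_address; then echo "$s: ok to sniff"
    else echo "$s: refuse"; fi
done
```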