:> BTW, I wrote this section because a hacker actually installed the bpf
:> device via the module loader during one of the root compromises at BEST,
:> a year or two ago. He had gotten it from a hackers cookbook of exploits
:> which he conveniently left on-disk long enough for our daily backups to
:> catch it :-).
:
:This doesn't actually help the attacker much, since at that point in
:time the network drivers wouldn't have been calling the bpf tap points,
:so it might well have been loaded, but it wouldn't have been _doing_
:anything useful.

Whatever it was, it was recording packets. This was a year or so ago, I
don't have the code handy.

-Matt
Matthew Dillon
<dil...@backplane.com>