Avoid low level network access

On Wednesday 09 April 2003 21:21, Daniel Hartmeier wrote:
> For instance, incoming packets will be dispatched through bpf before they
> are filtered by pf, so you'll see all incoming packets on a pcap listener
> (like snort), even if they are later blocked by pf.
> A consequence is that pf can't protect pcap listeners from any traffic.
Is there a way to modify the GENERIC kernel to be unable to handle pcap,
libnet & software like ettercap?
I could remove those libs from my system, I could rebuild the kernel removing
unwanted interfaces, but obviously I have to keep bpf & C.
I would like to be sure that my kernel doesn't permit injecting or reading
packets directly on the wire.
Is there a quick way to do so?