sniffit for Debian
----------------------

What follows are the thoughts of one of the previous maintainers,
Patrick J. Edwards, on this package and its security implications.

Notes on Security
-----------------

This program is highly dangerous: with this program, hackers no longer
need qcrack or crack for your system. Instead, they can just wait till a
user logs in and *BAM* they have a new password. So the point is, this
program should be promptly removed in any of the following situations:

1. You are in doubt of the security of your system. Granted that someone
   who has already creatively acquired (meaning hacked) root can install
   this program himself/herself, there is no point in pre-installing this
   program for them.

2. You have a tendency to act unethically and snoop on your users for no
   apparent reason. "Good" system admins won't do this.

3. You don't actively search for security holes in your system. If you're
   not doing this and your box is on the Internet 24/7, perhaps you should.

Notes on Usage
--------------

1. Don't use this program unless you have to, and once you're done with
   it, uninstall it.

2. Don't scan all ports and all addresses in the hope of catching a
   hacker, because you won't; you'll just have vast quantities of logs to
   search through and very little disk space. Instead, wait till you
   recognize that you have a program user/hacker and then find out what
   the person is doing (how the hacker is trying to penetrate the system),
   then start using sniffit to collect your evidence against the offender.
   [I know this is flying in the face of traditional anti-system-terrorism
   policies but it leads into my next point]

3. If you persist in using sniffit as a security net for your system,
   DON'T. Plain and simple. Instead of trying to catch the hacker who has
   already hacked into your system, spend your efforts security proofing
   your system (up-to-date versions of cron, sendmail, libraries, etc. --
   almost anything that runs as root or sudo).

The overall point is: "Practice preventive medicine not reactive."

 -- Edward Betts  Sun, 12 Sep 1999 11:04:08 +0100