File: README.Debian

package info (click to toggle)
sniffit 0.5-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 428 kB
  • sloc: ansic: 4,245; sh: 21; makefile: 17
file content (48 lines) | stat: -rw-r--r-- 2,260 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
sniffit for Debian
----------------------

What follows are one of the previous maintainers, Patrick J. Edwards
<edwards@cambridgenet.sk.ca>, thoughts on this package, and its security
implications.

Notes on Security
-----------------
        This program is highly dangerous, with this program hackers no
longer need qcrack or crack for your system. Instead, they can just wait
till a user logs in and *BAM* they have a new password. So the point is,
this program should be promptly removed in any of the following situations:

        1. You are in doubt of the security of your system. Granted that
        some one who has already creatively acquired (meaning hacked) root
        can install this program his/her self there is no point in
        pre-installing this program for them.

        2. You have a tendency to act unethically and snoop on you users for
        no apparent reason. "Good" system admins won't do this.

        3. You don't actively search for security holes in your system. If
        your not doing this and you box is on the Internet 24/7 perhaps you
        should.

Notes on Usage
--------------
        1. Don't use this program unless you have to, and once you're done
with it uninstall it.
        2. Don't scan all ports and all addresses in the hoping of catching
a hacker cause you won't, you'll just have vast quantities of logs to search
through and very little disk space. Instead wait till you recognize that you
have a program user/hacker and then find out what the person is doing (how
the hacker is trying to penetrate the system) then start using sniffit to
collect your evidence against the offender. [I know this is flying in the
face of traditional anti-system-terrorism policies but it leads into my next
point]
        3. If you persist in using sniffit as a security net for your system
DON'T. Plain and simple. Instead of trying to catch the hacker who has
already hacked into your system spend your efforts security proofing your
system (up to date versions on cron, sendmail, libraries, etc -- almost
anything that runs as root or sudo).

        The overall point is:
                "Practice preventive medicine not reactive."

 -- Edward Betts <edward@debian.org>  Sun, 12 Sep 1999 11:04:08 +0100