Ethereal-dev: Re: [Ethereal-dev] Priv sep in ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ulf Lamping" <ulf.lamping@xxxxxx>
Date: Tue, 08 Feb 2005 14:56:17 +0100
Ethereal development <ethereal-dev@xxxxxxxxxxxx> wrote on 08.02.05 10:43:20:
> 
> * Lars Roland <lars.roland@xxxxxxx> [01/01/70 - 01:00]:
> 
> With the current default settings, an administrator knows that he has to
> manually stop the driver after using it for capturing data from the
> network, using the "net stop npf" command.

Hmm, this might be: "the administrator *should* know", as this information seems to be buried deep down inside the WinPcap documentation. I've been using WinPcap for a long time and have read the documentation more than once, but wasn't aware of this fact :-(

> 
> It is even recommended to run ethereal as a non-privileged user on
> Windows, using runas to manually start the NPF driver before starting
> ethereal:
> 
> runas /u:administrator "net start npf"
> 
> So, modifying the startup mode of the NPF driver is probably not a good
> idea.
> 

I've started a new Wiki page at: http://wiki.ethereal.com/Security, describing from a user's point of view the reasons and the steps to take. Others might provide information for platforms other than Windows (as I only know that platform well enough).

The page information might be included in the user's guide one day.

Regards, ULFL
