Yuri Robbers wrote:
On Mon, 30 Oct 2000, Anibal Vasquez wrote:
Ist there a possibility to set all ports above 1023 on a specific device to be "privileged" so only root can use them? I want to "prevent" users from sniffing e.g. X-sessions...
I don't know how to set ports above 1023 to be privileged, but doing so is not necessary to prevent sniffing. In order to use a NIC to sniff network traffic, it must be in promiscuous mode, which can only be enabled by root. In other words: users are "prevented" from sniffing already.
Ohh, I´m sorry. The users I write about are logged in a machine running xdm for some X-terminals. These users could write their own programms to listen on the right ports on the machine, so they can sniff whole x-sessions. So if I can reserve all ports of the ethernet device connected to the X-terminals ro root no user would be able to to this, right? Thanks again, Anibal