Bugtraq mailing list archives
Re: Hijacking tool
From: avalon () coombs anu edu au (Darren Reed)
Date: Tue, 24 Jan 1995 10:31:21 +1100 (EDT)
There is a tool floating around called TAP which is a kernel mod that allows you to easily watch streams on SunOS, and capture what a person is typing. It is easy to modify so that you could actually write to the stream thus emulating that person and hijacking their terminal connection. To load the modules, the intruder does a modload to add the module to the kernel. One way to detect the hijacking tool is to do a modstat and see if there are any unfamiliar modules loaded. An intruder could trojan modstat so it might be worthwhile to check the integrity of modstat.

If the 'cracker' has enough access to modload the code of his or her choosing into your machine, you have no security. That is to say, anyone who can modload the code is *already* root, and could, with enough care and patience, just read the data out of the kernel streams buffers using, oh, adb, or even 'crash'.
[...]

In the more recent versions of 'BSD based operating systems based on 4.4-Lite, with the kernel security level stuff, I believe it is not possible to load a kernel module after it has left single user mode. Does anyone know of a hack to SunOS which affords the same kind of `protection'? Of course, /dev/kmem & /dev/mem would need to become read-only devices too...

Darren
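The modstat check mentioned in the message can be run as a comparison against a saved known-good listing. The script below is an added example, not part of the original post or of any tool it names; it assumes a listing with one header line and the module name in the last field of each row, and both sample listings are constructed.

```shell
#!/bin/sh
# Added example: report loaded modules that are absent from a known-good baseline.
# Assumption: the listing has one header line, then one module per line with
# the module name as the last whitespace-separated field.

# module_names: read a listing on stdin, print the sorted unique module names.
module_names() {
    awk 'NR > 1 && NF > 0 { print $NF }' | sort -u
}

# unfamiliar_modules BASELINE CURRENT: names present in CURRENT but not in BASELINE.
unfamiliar_modules() {
    um_base=$(mktemp) && um_cur=$(mktemp) || return 1
    module_names < "$1" > "$um_base"
    module_names < "$2" > "$um_cur"
    comm -13 "$um_base" "$um_cur"      # lines unique to the second file
    rm -f "$um_base" "$um_cur"
}

# Constructed sample: listing saved while the host was known to be clean.
sample_baseline() {
    cat <<'EOF'
Id  Type  Loadaddr  Size  Mod Name
 1  Pdrv  ff05e000  3000  vd
 2  Sdrv  ff061000  5000  audit
EOF
}

# Constructed sample: a later listing with one extra module.
sample_current() {
    cat <<'EOF'
Id  Type  Loadaddr  Size  Mod Name
 1  Pdrv  ff05e000  3000  vd
 2  Sdrv  ff061000  5000  audit
 3  Sdrv  ff066000  2000  tap
EOF
}

# Demo: write both samples to temporary files and print the difference.
demo_base=$(mktemp); demo_cur=$(mktemp)
sample_baseline > "$demo_base"
sample_current > "$demo_cur"
echo "modules not in baseline:"
unfamiliar_modules "$demo_base" "$demo_cur"
rm -f "$demo_base" "$demo_cur"
```

The result is only as trustworthy as the program that produced the listing and the place the baseline is stored, which is the point both the quoted text and the reply make about an intruder who is already root.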