Bugtraq mailing list archives

Re: Hijacking tool

From: paul () hawksbill sprintmrn com (Paul Ferguson)
Date: Tue, 24 Jan 1995 08:01:40 -0500 (EST)


There is a tool floating around called TAP which is a kernel mod that
allows you to easily watch streams on SunOs, and capture what a person
is typing.  It is easy to modify so that you could actually write to
the stream thus emulating that person and hijacking their terminal 
connection.  

To load the modules, the intruder does a modload to add the module to
the kernel.  One way to detect the hijacking tool is to do a

      modstat

and see if there is any unfamiliar modules loaded.  An intruder could trojan
modstat so it might be worthwhile to check the integrity of modstat.


I'm less concerned about the IP spoofing attack method than I am curious
about this TAP tool. Does anyone have any detailed/technical information
on this in particular?

Thanks,

- paul

 
_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paul () hawk sprintmrn com
Reston, Virginia  USA                             http://www.sprintmrn.com

Current thread:

Hijacking tool Christopher Klaus (May 10)
- Re: Hijacking tool Paul Ferguson (Jan 24)
  - Re: Hijacking tool Casper Dik (Jan 24)
    - Re: Hijacking tool Alec Muffett (Jan 24)
    - Re: Hijacking tool Alan Hannan (Jan 24)
    - Re: Hijacking tool bmanning () isi edu (Jan 24)
    - Re: Hijacking tool Scott D. Yelich (Jan 25)
  - Re: Hijacking tool Oliver Friedrichs (Jan 24)
    - Re: Hijacking tool Oliver Friedrichs (Jan 24)
  - Re: Hijacking tool Eric Conrad (Jan 24)
    - Re: Hijacking tool Jim Duncan (Jan 24)
    - Re: Hijacking tool John Evans (Jan 24)

(Thread continues...)