Bugtraq mailing list archives

Re: Hijacking tool


From: alan () mid net (Alan Hannan)
Date: Tue, 24 Jan 1995 08:27:36 -0600 (CST)


There is a tool floating around called TAP which is a kernel mod that


Lots of extraneous quoting deleted...

If you're hijacking *connections* isn't it much easier to just steal
the filehandles in the kernel?

(Just go to a process's file table and add that process's file * to
your open set, e.g., by implementing a new system call, interprocess
dup:  int ipcdup(int pid, int fd))

Can't be more than four or five lines of kernel code.

  Which is easier for a 14-year-old kid, running TAP and rootkit, or rewriting
the kernel code?

-- 
+ alan () mid net Network Operations Center (402)/472-0242, Fax (402)/472-0240  +
+ + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + +
+============\\ "Small is the number of them that see with their own eyes    +
+MIDnet, Inc. \\____  and feel with their own hearts." - Albert Einstein     +


