Bugtraq mailing list archives
Re: Hijacking tool
From: alan () mid net (Alan Hannan)
Date: Tue, 24 Jan 1995 08:27:36 -0600 (CST)
There is a tool floating around called TAP which is a kernel mod that
Lots of extraneous quoting deleted...
If you're hijacking *connections* isn't it much easier to just steal the filehandles in the kernel? (Just go to a processes' file table and add that processes file * to your open set, e.g., by implementing an new systemcall, interprocess dup: int ipcdup(int pid, int fd)) Can't be more than four or five lines of kernel code.
Which is easier for a 14 year old kid, running TAP and rootkit, or rewriting the kernel code? -- + alan () mid net Network Operations Center (402)/472-0242, Fax (402)/472-0240 + + + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + + +============\\ "Small is the number of them that see with their own eyes + +MIDnet, Inc. \\____ and feel with their own hearts." - Albert Einstein +
Current thread:
- Hijacking tool Christopher Klaus (May 10)
- Re: Hijacking tool Paul Ferguson (Jan 24)
- Re: Hijacking tool Casper Dik (Jan 24)
- Re: Hijacking tool Alec Muffett (Jan 24)
- Re: Hijacking tool Alan Hannan (Jan 24)
- Re: Hijacking tool bmanning () isi edu (Jan 24)
- Re: Hijacking tool Scott D. Yelich (Jan 25)
- Re: Hijacking tool Casper Dik (Jan 24)
- Re: Hijacking tool Paul Ferguson (Jan 24)
- Re: Hijacking tool Oliver Friedrichs (Jan 24)
- Re: Hijacking tool Oliver Friedrichs (Jan 24)
- Re: Hijacking tool Eric Conrad (Jan 24)
- Re: Hijacking tool Jim Duncan (Jan 24)
- Re: Hijacking tool John Evans (Jan 24)
- <Possible follow-ups>
- Re: Hijacking tool jim () Tadpole COM (Jan 23)
- Re: Hijacking tool Darren Reed (Jan 23)
- CIAC Advisory F-08: IP Address Spoofing and Hijacked Session Attacks (fwd) Mark Crother (Jan 23)