Bugtraq mailing list archives
ANNOUNCE: Freely available TTY monitoring/control program
From: mcn () EnGarde com (Mike Neuman)
Date: Wed, 28 Jun 1995 12:39:17 -0500
The latest in our *-Watcher series, "TTY-Watcher", is now freely available for anonymous FTP:

ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher

For those who were interested in IP-Watcher, it has been released as a commercial product. For more information, take a look at:

http://nad.infostructure.com/watcher.html

If you're not interested in the IP-Watcher product, but are interested in the inherent vulnerability in TCP/IP it exploits to perform its active countermeasures, take a look at the web pages as well. (They've been significantly redone since the first announcement, and hopefully are more helpful) :-)

Thanks!

mcn () EnGarde com
En Garde Systems
Computer Security Software and Consulting

======
From the README:
What is TTY-Watcher?
--------------------

TTY-Watcher is a utility to monitor and control users on a single system. It is based on our IP-Watcher utility, which can be used to monitor and control users on an entire network. It is similar to advise or tap, but with many more advanced features and a user friendly (either X-Windows or text) interface. TTY-Watcher allows the user to monitor every tty on the system, as well as interact with them by:

1) Sharing a TTY. Anything the user types into a monitored TTY window will be sent to the underlying process (and consequently echoed back to the real owner of the TTY). In this way, you are "sharing" a login session with another user.

2) Termination. At the click of a button (or an escape sequence with the text interface), the current connection can be instantly terminated.

3) Stealing. Another click of the button allows the user to "steal" the monitored TTY. The TTY will continue to function as normal for the TTY-Watcher user, but the real owner of the TTY will see no output, and his keystrokes will be ignored.

4) Returning the TTY. After a TTY has been stolen, it can be returned to the user, as though nothing happened.

5) Sending the user a message. A message can be sent to the real owner of the TTY without interfering with the commands he's typing. The message will only be displayed on his screen and will not be sent to the underlying process.

Aside from monitoring and controlling TTYs, individual connections can be logged to either a raw logfile for later playback (somewhat like a VCR) or to a text file.

Each of these abilities (except for #4) is also available in our commercial IP-Watcher program, except instead of monitoring and controlling TTYs, entire TCP/IP connections can be monitored and controlled. In this way, you can monitor an entire network rather than a single machine.

What systems is it available for?
---------------------------------

Currently TTY-Watcher works under SunOS 4.x and Solaris 2.x systems. Ports to other systems may be possible (we just don't have access to any others). The requirements for a system are: loadable (or at least user-configurable) device drivers, and STREAMS ttys.

It has been tested in the following configurations:

    sun4m (SS5) running 4.1.3_U1B
    sun4m (LX) running 2.4

All the hooks are there for other hardware types (sun4c, sun4, etc.), but we don't have access to them. If you have success with these machines, let us know. If not, send us the patches! :-)