[718] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Tue Jan 24 10:31:22 1995
From: paul@hawksbill.sprintmrn.com (Paul Ferguson)
To: cklaus@iss.net (Christopher Klaus)
Date: Tue, 24 Jan 1995 08:01:40 -0500 (EST)
Cc: bugtraq@fc.net, firewalls@GreatCircle.COM, cert@cert.org
In-Reply-To: <199501232320.PAA00794@iss.net> from "Christopher Klaus" at Jan 23, 95 03:20:06 pm
>
> There is a tool floating around called TAP which is a kernel mod that
> allows you to easily watch streams on SunOS, and capture what a person
> is typing. It is easy to modify so that you could actually write to
> the stream thus emulating that person and hijacking their terminal
> connection.
>
> To load the modules, the intruder does a modload to add the module to
> the kernel. One way to detect the hijacking tool is to do a
>
> modstat
>
> and see if there are any unfamiliar modules loaded. An intruder could trojan
> modstat so it might be worthwhile to check the integrity of modstat.
>
>
I'm less concerned about the IP spoofing attack method than I am curious
about this TAP tool. Does anyone have any detailed/technical information
on this in particular?
Thanks,
- paul
_______________________________________________________________________________
Paul Ferguson
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul@hawk.sprintmrn.com
Reston, Virginia USA http://www.sprintmrn.com
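
The detection step quoted above (look for unfamiliar modules in modstat output, and check modstat itself), as an added example that is not part of either poster's message. It assumes modstat prints one header line and then one line per module with the module name as the last field; the function names, the baseline file and the use of cksum for the integrity check are hypothetical choices made here.

```shell
#!/bin/sh
# Added example. Assumed modstat layout: one header line, then one line per
# loaded module with the module name as the last whitespace-separated field.

# unfamiliar_modules MODSTAT_OUTPUT BASELINE
# Prints every loaded module name that is not in the baseline file
# (one known-good name per line, '#' starts a comment).
unfamiliar_modules() {
    awk '
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) known[$1] = 1; next }
        FNR == 1            { next }                 # header line
        NF && !($NF in known) { print $NF }
    ' "$2" "$1"
}

# tool_unchanged FILE RECORDED
# Succeeds only if FILE's "CRC SIZE" from cksum equals the value recorded at
# install time. Run cksum from trusted media: a trojaned host can lie about
# its own binaries, which is the concern raised about modstat above.
tool_unchanged() {
    [ "$(cksum < "$1")" = "$2" ]
}

# Constructed sample data (not captured from a real host).
demo() {
    dir=${TMPDIR:-/tmp}/modcheck.$$
    mkdir -p "$dir" || return 1
    cat > "$dir/modstat.out" <<'EOF'
Id  Type  Loadaddr  Size  B-major  C-major  Sysnum  Mod Name
 1  Pdrv  ff050000  4000           59.              vd_known
 2  Pdrv  ff060000  2000           60.              unfamiliar_mod
EOF
    printf '# approved modules\nvd_known\n' > "$dir/baseline"
    unfamiliar_modules "$dir/modstat.out" "$dir/baseline"
    rm -rf "$dir"
}
demo
```

An empty baseline reports every loaded module, so a missing or wiped baseline file is noisy rather than silent.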