[721] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Alan Hannan)
Tue Jan 24 11:58:40 1995
From: alan@mid.net (Alan Hannan)
To: casper@fwi.uva.nl (Casper Dik)
Date: Tue, 24 Jan 1995 08:27:36 -0600 (CST)
Cc: paul@hawksbill.sprintmrn.com, cklaus@iss.net, bugtraq@fc.net,
firewalls@GreatCircle.COM, cert@cert.org
In-Reply-To: <199501241345.AA15934@mail.fwi.uva.nl> from "Casper Dik" at Jan 24, 95 02:45:39 pm
> >> There is a tool floating around called TAP which is a kernel mod that
>
Lots of extraneous quoting deleted...
> If you're hijacking *connections* isn't it much easier to just steal
> the filehandles in the kernel?
>
> (Just go to a process's file table and add that process's file * to
> your open set, e.g., by implementing a new system call, interprocess
> dup: int ipcdup(int pid, int fd))
>
> Can't be more than four or five lines of kernel code.
Which is easier for a 14-year-old kid, running TAP and rootkit, or rewriting
the kernel code?
--
+ alan@mid.net Network Operations Center (402)/472-0242, Fax (402)/472-0240 +
+ + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + +
+============\\ "Small is the number of them that see with their own eyes +
+MIDnet, Inc. \\____ and feel with their own hearts." - Albert Einstein +