[729] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Eric Conrad)
Tue Jan 24 14:16:30 1995
Date: Tue, 24 Jan 1995 11:37:28 -0500 (EST)
From: Eric Conrad <econrad@bu.edu>
To: Paul Ferguson <paul@hawksbill.sprintmrn.com>
Cc: bugtraq@fc.net
In-Reply-To: <9501241301.AA13672@hawksbill.sprintmrn.com>
> I'm less concerned about the IP spoofing attack method than I am curious
> about this TAP tool. Does anyone have any detailed/technical information
> on this in particular?
I don't think this is anything special to be worried about. Once someone
has root, they can use this tool to clone ttys and break into more systems.
The way I look at it, once the hacker has root, the gig is up anyways.
The measures described to prevent this (disabling loadable kernel
modules) seem pointless -- if the attackers have root, they can
rebuild the kernel to do anything they want.
I found tap via archie -- search for tap-1.24. It may be an older
version.
...Eric
