[735] in bugtraq
Re: Hijacking tool
daemon@ATHENA.MIT.EDU (Quentin Fennessy)
Tue Jan 24 15:53:29 1995
Date: Tue, 24 Jan 1995 12:23:22 -0600
From: Quentin Fennessy <Quentin.Fennessy@SEMATECH.Org>
To: Alec.Muffett@UK.Sun.COM (Alec Muffett)
Cc: bugtraq@fc.net
> >
> >If you're hijacking *connections* isn't it much easier to just steal
> >the filehandles in the kernel?
>
> Not if you're on entirely another host.
>
> That's the point of RTM-Snr's attack, as expanded upon by
> Bellovin. Guessing sequence numbers and flooding the remote machine
>
> - alec
Alec-
I think you may be confusing two techniques here - both of which
have just become more 'popular.' I believe the hijacking technique
is to use TAP, a modloadable SunOS driver to read and possibly write
to an established pty.
The TCP sequence number is what RTM and SMB wrote about. This is
different - you don't need root anywhere to do that.
Quentin