Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Hijacking tool

Re: Hijacking tool

Paul Ferguson (paulhawksbill.sprintmrn.com)
Tue, 24 Jan 1995 08:01:40 -0500 (EST)

> There is a tool floating around called TAP which is a kernel mod that
> allows you to easily watch streams on SunOS, and capture what a person
> is typing.  It is easy to modify so that you could actually write to
> the stream thus emulating that person and hijacking their terminal 
> connection.  
> To load the modules, the intruder does a modload to add the module to
> the kernel.  One way to detect the hijacking tool is to do a
> 	modstat
> and see if there are any unfamiliar modules loaded.  An intruder could trojan
> modstat so it might be worthwhile to check the integrity of modstat.

I'm less concerned about the IP spoofing attack method than I am curious
about this TAP tool. Does anyone have any detailed/technical information
on this in particular?


- paul

Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paulhawk.sprintmrn.com
Reston, Virginia  USA                             http://www.sprintmrn.com
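
The detection step described in the quoted text, written out as an added example (not part of the original post or of any tool it mentions): compare the loaded-module listing against a site baseline and compare the modstat binary byte-for-byte with a known-good copy. The listing layout, the module names `vd` and `tap`, and the baseline are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag loaded kernel modules that are not in a site baseline.
# Assumption: the listing has one header line, and the module name is the
# last whitespace-separated field of every following line.

# Constructed sample listing (not captured from a real system).
SAMPLE_LISTING='Id  Type  Loadaddr  Size  Mod Name
 1  Pdrv  ff04a000  2000  vd
 2  Pdrv  ff05c000  1000  tap'

# Hypothetical baseline: one expected module name per line.
BASELINE='vd'

# Print the module name from each non-header, non-blank line of listing $1.
module_names() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF > 0 { print $NF }'
}

# Print names present in listing $1 but absent from baseline $2.
unfamiliar_modules() {
    module_names "$1" | while read -r name; do
        # -F fixed string, -x whole-line match, -q quiet
        printf '%s\n' "$2" | grep -Fqx -- "$name" || printf '%s\n' "$name"
    done
}

# Return 0 only if the installed binary $1 is byte-identical to the
# known-good copy $2 (for example one read from distribution media).
binary_matches() {
    cmp -s "$1" "$2"
}

# Demo on the constructed sample. On a live host the first argument would be
# the output of modstat, taken only after binary_matches has succeeded.
echo "unfamiliar modules:"
unfamiliar_modules "$SAMPLE_LISTING" "$BASELINE"
```

Both the baseline and the known-good copy of modstat need to live somewhere an intruder with root on the host cannot rewrite, such as read-only media.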