Re: Hijacking tool

paulhawksbill.sprintmrn.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Casper Dik: "Re: Hijacking tool"
• Previous message: Darren Reed: "Re: A quick patch to help against TCP ISN guessing."
• In reply to: Christopher Klaus: "Hijacking tool"
• Next in thread: Casper Dik: "Re: Hijacking tool"

> 
> There is a tool floating around called TAP which is a kernel mod that
> allows you to easily watch streams on SunOs, and capture what a person
> is typing.  It is easy to modify so that you could actually write to
> the stream thus emulating that person and hijacking their terminal 
> connection.  
> 
> To load the modules, the intruder does a modload to add the module to
> the kernel.  One way to detect the hijacking tool is to do a
> 
> 	modstat
> 
> and see if there is any unfamiliar modules loaded.  An intruder could trojan
> modstat so it might be worthwhile to check the integrity of modstat.
> 
>

I'm less concerned about the IP spoofing attack method than I am curious
about this TAP tool. Does anyone have any detailed/technical information
on this in particular?

Thanks,

- paul

 
_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paulhawk.sprintmrn.com
Reston, Virginia  USA                             http://www.sprintmrn.com 

• Next message: Casper Dik: "Re: Hijacking tool"
• Previous message: Darren Reed: "Re: A quick patch to help against TCP ISN guessing."
• In reply to: Christopher Klaus: "Hijacking tool"
• Next in thread: Casper Dik: "Re: Hijacking tool"