Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Hijacking toolCasper Dik (casperfwi.uva.nl)
Tue, 24 Jan 1995 14:45:39 +0100
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alec Muffett: "Re: Hijacking tool"
- Previous message: Paul Ferguson: "Re: Hijacking tool"
- In reply to: Paul Ferguson: "Re: Hijacking tool"
- Next in thread: Alec Muffett: "Re: Hijacking tool"
> >> >> There is a tool floating around called TAP which is a kernel mod that >> allows you to easily watch streams on SunOs, and capture what a person >> is typing. It is easy to modify so that you could actually write to >> the stream thus emulating that person and hijacking their terminal >> connection. >> >> To load the modules, the intruder does a modload to add the module to >> the kernel. One way to detect the hijacking tool is to do a >> >> modstat >> >> and see if there is any unfamiliar modules loaded. An intruder could trojan >> modstat so it might be worthwhile to check the integrity of modstat. >> >> > >I'm less concerned about the IP spoofing attack method than I am curious >about this TAP tool. Does anyone have any detailed/technical information >on this in particular? If you're hijacking *connections* isn't it much easier to just steal the filehandles in the kernel? (Just go to a processes' file table and add that processes file * to your open set, e.g., by implementing an new systemcall, interprocess dup: int ipcdup(int pid, int fd)) Can't be more than four or five lines of kernel code. Casper