Re: Hijacking tool

alanmid.net

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Oliver Friedrichs: "Re: Hijacking tool"
• Previous message: Alec Muffett: "Re: Hijacking tool"
• In reply to: Casper Dik: "Re: Hijacking tool"
• Next in thread: bmanningisi.edu: "Re: Hijacking tool"

> >> There is a tool floating around called TAP which is a kernel mod that
> 

Lots of extraneous quoting deleted...

> If you're hijacking *connections* isn't it much easier to just steal
> the filehandles in the kernel?
> 
> (Just go to a processes' file table and add that processes file * to
> your open set, e.g., by implementing an new systemcall, interprocess
> dup:  int ipcdup(int pid, int fd))
> 
> Can't be more than four or five lines of kernel code.

  Which is easier for a 14 year old kid, running TAP and rootkit, or rewriting
the kernel code?

-- 
+ alanmid.net Network Operations Center (402)/472-0242, Fax (402)/472-0240  +
+ + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + +
+============\\ "Small is the number of them that see with their own eyes    +
+MIDnet, Inc. \\____  and feel with their own hearts." - Albert Einstein     +

• Next message: Oliver Friedrichs: "Re: Hijacking tool"
• Previous message: Alec Muffett: "Re: Hijacking tool"
• In reply to: Casper Dik: "Re: Hijacking tool"
• Next in thread: bmanningisi.edu: "Re: Hijacking tool"