Re: Hijacking tool

Paul Ferguson (paul@hawksbill.sprintmrn.com)
Tue, 24 Jan 1995 08:01:40 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: Hijacking tool"
Previous message: Darren Reed: "Re: A quick patch to help against TCP ISN guessing."
In reply to: Christopher Klaus: "Hijacking tool"
Next in thread: Casper Dik: "Re: Hijacking tool"

> 
> There is a tool floating around called TAP which is a kernel mod that
> allows you to easily watch streams on SunOs, and capture what a person
> is typing.  It is easy to modify so that you could actually write to
> the stream thus emulating that person and hijacking their terminal 
> connection.  
> 
> To load the modules, the intruder does a modload to add the module to
> the kernel.  One way to detect the hijacking tool is to do a
> 
> 	modstat
> 
> and see if there is any unfamiliar modules loaded.  An intruder could trojan
> modstat so it might be worthwhile to check the integrity of modstat.
> 
>

I'm less concerned about the IP spoofing attack method than I am curious
about this TAP tool. Does anyone have any detailed/technical information
on this in particular?

Thanks,

- paul

 
_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paul@hawk.sprintmrn.com
Reston, Virginia  USA                             http://www.sprintmrn.com

Next message: Casper Dik: "Re: Hijacking tool"
Previous message: Darren Reed: "Re: A quick patch to help against TCP ISN guessing."
In reply to: Christopher Klaus: "Hijacking tool"
Next in thread: Casper Dik: "Re: Hijacking tool"