> > There is a tool floating around called TAP which is a kernel mod that > allows you to easily watch streams on SunOs, and capture what a person > is typing. It is easy to modify so that you could actually write to > the stream thus emulating that person and hijacking their terminal > connection. > > To load the modules, the intruder does a modload to add the module to > the kernel. One way to detect the hijacking tool is to do a > > modstat > > and see if there is any unfamiliar modules loaded. An intruder could trojan > modstat so it might be worthwhile to check the integrity of modstat. > > I'm less concerned about the IP spoofing attack method than I am curious about this TAP tool. Does anyone have any detailed/technical information on this in particular? Thanks, - paul _______________________________________________________________________________ Paul Ferguson US Sprint tel: 703.689.6828 Managed Network Engineering internet: paul@hawk.sprintmrn.com Reston, Virginia USA http://www.sprintmrn.com