Re: Hijacking tool

Alan Hannan (alan@mid.net)
Tue, 24 Jan 1995 08:27:36 -0600 (CST)

> >> There is a tool floating around called TAP which is a kernel mod that
> 

Lots of extraneous quoting deleted...

> If you're hijacking *connections* isn't it much easier to just steal
> the filehandles in the kernel?
> 
> (Just go to a process's file table and add that process's file * to
> your open set, e.g., by implementing a new system call, interprocess
> dup:  int ipcdup(int pid, int fd))
> 
> Can't be more than four or five lines of kernel code.

  Which is easier for a 14-year-old kid, running TAP and rootkit, or rewriting
the kernel code?

-- 
+ alan@mid.net Network Operations Center (402)/472-0242, Fax (402)/472-0240  +
+ + + + + + + + + + + + + + + + + + ++ + + + + + + + + + + + + + + + + + + + +
+============\\ "Small is the number of them that see with their own eyes    +
+MIDnet, Inc. \\____  and feel with their own hearts." - Albert Einstein     +