Re: Hijacking tool

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Nayfield, Rod: "Re[2]: "Secure Socket Layer" protocol (NYT Article)"
• Previous message: Rens Troost: "Router filtering not enough! (Was: Re: CERT advisory )"
• In reply to: Paul Ferguson: "Re: Hijacking tool"
• Next in thread: Jim Duncan: "Re: Hijacking tool"

> I'm less concerned about the IP spoofing attack method than I am curious
> about this TAP tool. Does anyone have any detailed/technical information
> on this in particular?

I don't think this is anything special to be worried about.  Once someone 
has root, they can use this tool to clone ttys and break into more systems.  
The way I look at it, once the hacker has root, the gig is up anyways.

The measures described to prevent this (disabling loadable kernel 
modules) seem pointless -- if the attackers have root, they can 
rebuild the kernel to do anything they want. 

I found tap via archie -- search for tap-1.24.  It may be an older 
version.

                             ...Eric

• Next message: Nayfield, Rod: "Re[2]: "Secure Socket Layer" protocol (NYT Article)"
• Previous message: Rens Troost: "Router filtering not enough! (Was: Re: CERT advisory )"
• In reply to: Paul Ferguson: "Re: Hijacking tool"
• Next in thread: Jim Duncan: "Re: Hijacking tool"