Re: Hijacking tool

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Rick Busdiecker: "Re: NYT Article this morning"
• Previous message: Perry E. Metzger: "Re: IP spoofing vs tcp wrappers and netacl"
• Maybe in reply to: Christopher Klaus: "Hijacking tool"
• Next in thread: Timothy Newsham: "Re: Hijacking tool"

>  >
>  >If you're hijacking *connections* isn't it much easier to just steal
>  >the filehandles in the kernel?
> 
> Not if you're on entirely another host.
> 
> That's the point of RTM-Snr's attack, as expanded upon by
> Bellovin. Guessing sequence numbers and flooding the remote machine
>
> 	- alec

Alec-
    I think you may be confusing two techniques here - both of which
have just become more 'popular.'  I believe the hijacking technique
is to use TAP, a modloadable SunOS driver to read and possibly write
to an established pty.

The TCP sequence number is what RTM and SMB wrote about.  This is
different - you don't need root anywhere to to that.

Quentin

• Next message: Rick Busdiecker: "Re: NYT Article this morning"
• Previous message: Perry E. Metzger: "Re: IP spoofing vs tcp wrappers and netacl"
• Maybe in reply to: Christopher Klaus: "Hijacking tool"
• Next in thread: Timothy Newsham: "Re: Hijacking tool"