In article <199507060131 .
com>, smb @
>Yup (though the hijacked terminal attack in 95-01 was a local-machine
Take a look at TTY-Watcher. It uses the hijacked terminal attack to allow
sysadmins to monitor, log, and control users. Of course, it can also be
used maliciously, but so can any security tool.
> It looks like this might allow a hacker into your net as an
> authenticated user, unless I'm being paranoid (if I am being
> paranoid, I refuse to appologize; they PAY me to be
>No ``might'' about it. See Joncheray's paper from the last UNIX Security
>Symposium, or Mike Neumann's ``Watcher'' paper.
The IP-Watcher paper is rough at the moment. The best source of information
is to look at the WWW pages:
They describe the attack pretty thoroughly (as well as our IP-Watcher
product which uses the attack to monitoring and control network users--it's
essentially the network version of TTY-Watcher).
En Garde Systems
Computer Security Software and Consulting