In article <199507060131.SAA25813@miles.greatcircle.com>, smb@research.att.com writes:
>Yup (though the hijacked terminal attack in 95-01 was a local-machine
>affair).
Take a look at TTY-Watcher. It uses the hijacked terminal attack to allow
sysadmins to monitor, log, and control users. Of course, it can also be
used maliciously, but so can any security tool.
ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher
> It looks like this might allow a hacker into your net as an
> authenticated user, unless I'm being paranoid (if I am being
> paranoid, I refuse to apologize; they PAY me to be
> paranoid).
>
>No ``might'' about it. See Joncheray's paper from the last UNIX Security
>Symposium, or Mike Neumann's ``Watcher'' paper.
The IP-Watcher paper is rough at the moment. The best source of information
is to look at the WWW pages:
http://nad.infostructure.com/watcher.html
They describe the attack pretty thoroughly (as well as our IP-Watcher
product which uses the attack to monitor and control network users--it's
essentially the network version of TTY-Watcher).
-Mike Neuman
mcn@EnGarde.com
En Garde Systems
Computer Security Software and Consulting