
Keep Your Doors Locked

The Computer Incident Advisory Capability office (CIAC) issued a notice 23-Jan-95 on two techniques currently being used to compromise the security of Internet hosts: spoofing and hijacking (or tapping). Although neither of these techniques is particularly new, the incidence of their use has apparently increased sharply.

The first method, spoofing, involves an attacker "impersonating" a local machine by altering his or her packets to appear as if they originated at a local machine. This in itself is not inherently a threat; however, many local networks are configured so they implicitly "trust" packets arriving from particular hosts (say an administrator’s workstation) and do not require authentication on requests from those machines. If intruders successfully impersonate a trusted machine on a network, they could potentially acquire full access to files, mail, accounts, or anything else on that network. The recommended workaround is to configure network routers to block any packet entering from outside and claiming to be from the local domain.
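The router rule recommended above, sketched as an added example (it is not from the CIAC notice or the original article): a packet arriving on the outside interface with a source address inside the local address space is dropped. The prefixes, interface labels, and packet records are constructed assumptions.

```python
import ipaddress

# Assumed local address space (documentation prefixes, constructed for this example).
LOCAL_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]


def is_local(addr):
    """True if addr falls inside any prefix the site considers its own."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def ingress_decision(iface, src):
    """Decide what the border router does with a packet.

    iface is 'external' (facing the Internet) or 'internal' (facing the LAN).
    Returns (decision, reason).
    """
    try:
        src_local = is_local(src)
    except ValueError:
        # Unparseable source address: fail closed rather than guess.
        return ("drop", "malformed source address")
    if iface == "external" and src_local:
        # A genuine local host never reaches us from outside, so the
        # source address cannot be trusted and host-based trust must not apply.
        return ("drop", "local source address on external interface")
    return ("accept", "source consistent with interface")


def filter_packets(packets):
    """Apply the ingress rule to (iface, src, dst) records; return dropped ones."""
    dropped = []
    for iface, src, dst in packets:
        decision, reason = ingress_decision(iface, src)
        if decision == "drop":
            dropped.append((iface, src, dst, reason))
    return dropped


# Constructed sample traffic: 192.0.2.5 stands in for a trusted workstation.
SAMPLE = [
    ("external", "203.0.113.7", "192.0.2.10"),     # ordinary outside host
    ("external", "192.0.2.5", "192.0.2.10"),       # outside, claims trusted address
    ("internal", "192.0.2.5", "192.0.2.10"),       # the real workstation
    ("external", "198.51.100.200", "192.0.2.10"),  # just outside the /25
    ("external", "not-an-ip", "192.0.2.10"),       # malformed
]
```

The rule keys on the interface a packet arrived on, not on anything the packet says about itself, which is why it holds up against a forged source address.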

Hijacking, or tapping, involves using a tool called tap to take over existing login sessions on a system. A user or intruder with root access can use tap to execute commands exactly as if they had been typed by the owner of that login session. If that user had connected to a remote system within that session, no authentication would be required to gain access to that remote system. Users of a hijacked session may notice commands appearing as they’re typed by the intruder, screens suddenly clearing, or other unusual events. Contrary to net rumors, it appears that the tap tool is available only for SunOS 4.1.x systems.

These threats do not have an enormous direct impact on Macintosh users, although they could have an effect on systems you connect to with your Macintosh, particularly in corporate, educational, or government sites. Check with your system administrator if you think this information may apply to you or your site. CIAC notices, various software, details on mailing lists and other information are available at:

ftp://ciac.llnl.gov/pub/ciac/

Information from:
CIAC <[email protected]>
Pythaeus
