There is a recent article in the German magazine C''t that may be of interest to those on this list. It describes a cracker program, Juggernaut, which can hijack telnet sessions. The program is written specifically to run under Linux. An english translation of the article is available at: http://www.ix.de/ct/english/9710142/ It also mentions that they are working on a version of the program that runs from a boot floppy. That is, walk up to any PC (probably not running Linux) on a given network , boot Linux from floppy, run Juggernaut to hijack telnet sessions, do all sorts of bad things, eject floppy, and go away. Since the program is widely circulated, everyone should at least be aware of the attack. -- Bill Faust
route@resentment.infonexus.com
1997-Sep-23 19:42 UTC
Re: [linux-security] C''t Article on Juggernaut
[Bill Faust]
|
| There is a recent article in the German magazine C''t that may be of
| interest to those on this list. It describes a cracker program,
s/cracker/hacker/
| Juggernaut, which can hijack telnet sessions. The program is written
Actually, it does alot more then just hijacking. Connection Spying,
connection reseting, automated connection reseting, packet sniffing,
packet assembly (albeit a crappy interface/ implementation. Use
SNI''s
CAPE).
| Since the program is widely circulated, everyone should at least be
| aware of the attack.
I certainly hope so. The Joncheray paper was published over 2 years
ago. For that matter, Juggernaut v1.0 was published in Phrack 50
(http://www.phrack.com) more then 5 months ago. As it happens, v1.x has
several areas of deficiency, prompting Juggernaut++ (which is still
WIP at this point). A bit more information can be gleaned from:
http://www.infonexus.com/~daemon9/project.html
--
I live a world of paradox... My willingness to destroy is your chance for
improvement, my hate is your fate -- my failure is your victory, a victory
that won''t last.