List:       bugtraq
Subject:    ANNOUNCE: Freely available TTY monitoring/control program
From:       Mike Neuman <mcn () EnGarde ! com>
Date:       1995-06-28 12:39:17

The latest in our *-Watcher series, "TTY-Watcher", is now freely available
for anonymous FTP:

ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher

For those who were interested in IP-Watcher, it has been released as a
commercial product. For more information, take a look at:
http://nad.infostructure.com/watcher.html

If you're not interested in the IP-Watcher product, but are interested
in the inherent vulnerability in TCP/IP it exploits to perform its
active countermeasures, take a look at the web pages as well. (They've
been significantly redone since the first announcement, and hopefully are
more helpful) :-)

Thanks!

mcn@EnGarde.com
En Garde Systems
Computer Security Software and Consulting

======
From the README:

What is TTY-Watcher?
--------------------

TTY-Watcher is a utility to monitor and control users on a single system.
It is based on our IP-Watcher utility, which can be used to monitor and
control users on an entire network. It is similar to advise or tap, but
with many more advanced features and a user friendly (either X-Windows or
text) interface.

TTY-Watcher allows the user to monitor every tty on the system, as well
as interact with them by:

1) Sharing a TTY. Anything the user types into a monitored TTY window will be
sent to the underlying process (and consequently echoed back to the real
owner of the TTY). In this way, you are "sharing" a login session with another
user.

2) Termination. At the click of a button (or an escape sequence with the text
interface), the current connection can be instantly terminated.

3) Stealing. Another click of the button allows the user to "steal" the
monitored TTY. The TTY will continue to function as normal for the TTY-Watcher
user, but the real owner of the TTY will see no output, and his keystrokes
will be ignored.

4) Returning the TTY. After a TTY has been stolen, it can be returned to the
user, as though nothing happened.

5) Sending the user a message. A message can be sent to the real owner of the
TTY without interfering with the commands he's typing. The message will only
be displayed on his screen and will not be sent to the underlying process.

Aside from monitoring and controlling TTYs, individual connections can be
logged to either a raw logfile for later playback (somewhat like a VCR) or
to a text file.

Each of these abilities (except for #4) is also available in our commercial
IP-Watcher program, except instead of monitoring and controlling TTYs, entire
TCP/IP connections can be monitored and controlled. In this way, you can
monitor an entire network rather than a single machine.


What systems is it available for?
---------------------------------

  Currently TTY-Watcher works under SunOS 4.x and Solaris 2.x systems.

  Ports to other systems may be possible (we just don't have access to any
others). The requirements for a system are: loadable (or at least
user-configurable) device drivers, and STREAMS ttys.

It has been tested in the following configurations:
sun4m (SS5) running 4.1.3_U1B
sun4m (LX) running 2.4

All the hooks are there for other hardware types (sun4c, sun4, etc.), but
we don't have access to them. If you have success with these machines, let
us know. If not, send us the patches! :-)
