Sunday, 3 February 2013

Mitnick Versus Shimomura


Introduction
On Christmas Day, 1994, Kevin Mitnick launched a sophisticated attack
against Tsutomu Shimomura’s computers in San Diego. Two different
attack mechanisms (IP source address spoofing and TCP sequence
number prediction) were used to gain initial access to a diskless X
terminal workstation. After root access had been obtained, an existing
connection to another system was hijacked by means of a loadable
kernel STREAMS module.

The attack was launched from toad.com in San Francisco, the Toad Hall
computer owned by John Gilmore, a founding employee of Sun
Microsystems. Shimomura’s pursuit of the hacker led to computers in
Marin County (where Shimomura’s stolen files were found on The Well),
Denver and San Jose, and finally to Kevin Mitnick, the fugitive hacker, in
Raleigh, North Carolina.

This account is drawn largely from the posting made
by Shimomura in the newsgroups (comp.security.misc,
comp.protocols.tcp-ip, alt.security) dated 25 Jan 1995, with the subject
“Technical details of the attack described by Markoff in NYT”.
