Everhart, Glenn
From:	Pavel Krauz [kra@CRI.CZ]
Sent:	Tuesday, December 01, 1998 4:25 AM
To:	BUGTRAQ@NETSPACE.ORG
Subject:	new hijack software: hunt-1.0
Hi all

I would like to announce new Linux software for intruding into a
connection.
It has several features which I didn't find in any free available
software.
You can download it from

http://www.cri.cz/kra/index.html

with regards
kra <kra@cri.cz>



from README:
- connection management
        * setting what connections you are interested in
        * detecting an ongoing connection (not only SYN started)
        * Normal active hijacking with the detection of the ACK storm
        * ARP spoofed/Normal hijacking with the detection of successful
          ARP spoof
        * synchronization of the true client with the server after
          hijacking (so that the connection don't have to be reset)
        * resetting connection
        * watching connection

- daemons
        * reset daemon for automatic connection resetting
        * arp spoof/relayer daemon for arp spoofing of hosts with the
ability
          to relay all packets from spoofed hosts.
        * MAC discovery daemon for collecting MAC addresses
        * sniff daemon for logging TCP traffic with the ability to
search for
          a particular string

- host resolving
        * deferred host resolving through dedicated DNS helper servers.

- packet engine
        * extensible packet engine for watching TCP, UDP, ICMP and ARP
traffic
        * collecting TCP connections with sequence numbers and the ACK
storm
          detection.
- misc.
        * determining which hosts are up