Module X Session Hijacking

Slides:

Advertisements

Similar presentations

Ethical Hacking Module VII Sniffers.

Advertisements

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

Computer Security and Penetration Testing

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Network Attacks Mark Shtern.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Communication Protocols III Tenth Meeting. Connections in TCP A wants to send to B. What is the packet next move? A travels through hub and bridge to.

Computer Security and Penetration Testing

1 The Attack and Defense of Computers Dr. 許富皓. 2 Network Architecture:

COEN 252: Computer Forensics Router Investigation.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

IIT Indore © Neminath Hubballi

Computer Security and Penetration Testing

ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

COEN 252 Computer Forensics Collecting Network-based Evidence.

Denial of Service Bryan Oemler Web Enhanced Information Management March 22 nd, 2011.

CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

CHAPTER 10 Session Hijacking. INTRODUCTION The act of taking over a connection of some sort, for examples, network connection, a modem connection or other.

Lecture 20 Hacking. Over the Internet Over LAN Locally Offline Theft Deception Modes of Hacker Attack.

CSE 461 Section. Let’s learn things first! Joke Later!

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

CIS 450 – Network Security Chapter 5 – Session Hijacking.

Scanning & Enumeration Lab 3 Once attacker knows who to attack, and knows some of what is there (e.g. DNS servers, mail servers, etc.) the next step is.

1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.

CHAPTER 9 Sniffing.

CS526Topic 18: Network Security1 Information Security CS 526 Network Security (1)

1 The Attack and Defense of Computers Dr. 許富皓. 2 Network Architecture:

Network Attacks Bharatha Yajaman ISQS Outline Sniffing  Passive Sniffing  Active Sniffing IP Address Spoofing  Changing the IP address  Undermining.

Department of Information Engineering1 About your assignment 5 -layers Model Application Layer(HTTP, DNS,...) TCP Layer(add sequence number to packets)

Sniffing and Session Hijacking Lesson 12. Session Hijacking Passive Attacker hijacks a session, but just sits back and watches and records all of the.

Introduction to Secure Shell Greg Porter Data Processing Manager USPFO For California.

Page 12/9/2016 Chapter 10 Intermediate TCP : TCP and UDP segments, Transport Layer Ports CCNA2 Chapter 10.

Telecommunications Networking II Lecture 41d Denial-of-Service Attacks.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

Network Security 1. Overview What is security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures Firewalls & Intrusion.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Comparison of Network Attacks COSC 356 Kyler Rhoades.

SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.

1 Lecture A.2: Security Problems in TCP/IP r Reference: Security Problems in the TCP/IP Protocol Suite : by Steve Bellovin r R-services r Source-routing.

TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

An Introduction To ARP Spoofing & Other Attacks

CompTIA Security+ Study Guide (SY0-401)

CSCE 548 Student Presentation By Manasa Suthram

Port Scanning James Tate II

Port Knocking Benjamin DiYanni.

General Classes of TCP/IP Problems

Domain 4 – Communication and Network Security

CompTIA Security+ Study Guide (SY0-401)

Network Security: IP Spoofing and Firewall

Attacks on TCP.

Presentation transcript:

Module X Session Hijacking Ethical Hacking Module X Session Hijacking

Module Objective Spoofing Vs Hijacking Types of session hijacking TCP/IP concepts Performing Sequence prediction ACK Storms Session Hijacking Tools

Understanding session hijacking Understanding the flow of message packets over the Internet by dissecting the TCP stack. Understanding the security issues involved in the use of IPv4 standard Familiarizing with the basic attacks possible due to the IPv4 standard.

Spoofing Vs Hijacking A spoofing attack is different from a hijack in that an attacker is not actively taking another user offline to perform the attack. he pretends to be another user or machine to gain access. Bob (Victim) Server I am Bob!

Spoofing Vs Hijacking With Hijacking an attacker is taking over an existing session, which means he is relying on the legitimate user to make a connection and authenticate. Then take over the session. I am Bob! Bob (Victim) Attacker Server Bob logs on to server Dial in

Steps in Session Hijacking Tracking the session Desynchronizing the connection Injecting the attacker’s packet

Types of session Hijacking There are two types of hijacking attacks: Active In an active attack, an attacker finds an active session and takes over. Passive With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.

TCP Concepts 3 Way Handshake Bob Initiates a connection with the server. Bob sends a packet to the server with SYN bit set. The server receives this packet and sends back a packet with the SYN bit and an ISN (Initial Sequence Number) for the server. Bob sets the ACK bit acknowledging the receipt of the packet and increments the sequence number by 1 The two machines have successfully established a session. 1 2 3

Sequence Numbers Sequence Numbers are very important to provide reliable communication but they are also crucial to hijacking a session. Sequence numbers are a 32-bit counter, which means the value can be any of over 4 billion possible combinations. The sequence numbers are used to tell the receiving machine what order the packets should go in when they are received. Therefore an attacker must successfully guess the sequence number to hijack a session.

Programs that perform Session Hijacking There are several programs available that perform session hijacking. Following are a few that belongs to this category: Juggernaut Hunt TTY Watcher IP Watcher T-Sight

Hacking Tool: Juggernaut Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux Operating systems. Juggernaut can be set to watch for all network traffic or it can be given a keyword like password to look out for. The main function of this program is to maintain information about various session connections that are occurring on the network. The attacker can see all the sessions and he can pick a session he wants to hijack.

Hacking Tool: Hunt http://lin.fsid.cvut.cz/^kra/index.html Hunt is a program that can be used to listen, intercept, and hijack active sessions on a network. Hunt Offers: Connection management ARP Spoofing Resetting Connection Watching Connection MAC Address discovery Sniffing TCP traffic

Hacking Tool: TTY Watcher http://www.cerias.purdue.edu TTY-watcher is a utility to monitor and control users on a single system. Sharing a TTY. Anything the user types into a monitored TTY window will be sent to the underlying process. In this way you are sharing a login session with another user. After a TTY has been stolen, it can be returned to the user as though nothing happened. (Available only for Sun Solaris Systems.)

Hacking Tool: IP watcher http://engarde.com IP watcher is a commercial session hijacking tool that allows you to monitor connections and has active countermeasures for taking over a session. The program can monitor all connections on a network allowing an attacker to display an exact copy of a session in real-time, just as the user of the session sees the data.

T-Sight http://engarde.com T-Sight, an advanced intrusion investigation and response tool for Windows NT and Windows 2000 can assist you when an attempt at a break-in or compromise occurs. With T-sight, you can monitor all your network connections (i.e. traffic) in real-time and observe the composition of any suspicious activity that takes place. T-Sight has the capability to hijack any TCP sessions on the network. Due to security reasons Engarde Systems licenses this software to pre-determined IP address.

Remote TCP Session Reset Utility

Dangers posed by Hijacking Most computers are vulnerable Little can be done to protect against it Hijacking is simple to launch Most countermeasures do not work Hijacking is very dangerous.

Protecting against Session Hijacking Use Encryption Use a secure protocol Limit incoming connections Minimize remote access Have strong authentication.

Summary In the case of a session hijacking an attacker relies on the legitimate user to connect and authenticate and then take over the session. In spoofing attack, the attacker pretends to be another user or machine to gain access. Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker's control. Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack. A variety of tools exist to aid the attacker in perpetrating a session hijack. Session Hijacking could be very dangerous and there is a need for implementing strict countermeasures.