Download presentation
Presentation is loading. Please wait.
1
CSCE 548 Student Presentation By Manasa Suthram
Session Hijacking CSCE 548 Student Presentation By Manasa Suthram
2
What is Session Hijacking?[1]
Attacks that take over an active TCP/IP communication without the user’s permission or knowledge. Attackers enjoy the same access of resources as the compromised user. Network protocols like Telnet, FTP are especially attractive to attackers.
3
Different Types of Session Hijack Attacks[1]
Active: Original user has logged in his account and then attacker steals the cookies to hijack the active session Passive: attackers capture the login credentials by observing the user’s new connection with the server Hybrid: combination of both active and passive attack.
4
What makes the attack so dangerous?[2]
These attacks cannot be eliminated by software patches, complex passwords or multi-factor authentication. Root cause lies in the design implementation to inherent to the TCP/IP protocols. All machines regardless of OS or hardware architecture are vulnerable to this attack. Compromises all three sides of the CIA triad.
5
Procedural Overview of Session Hijacking[1]
Step 1: Locating a target Step 2: Find an active session Step 3: Perform sequence number prediction Step 4: Take one of the parties offline Step 5: Take over the session and maintain the connection
6
Example[1] Normal Telnet Traffic Forcing ARP entry
7
Hijack Traffic Telnet Packet with incorrect MAC address
8
Complete session Hijack of a Telnet Session
ACK storm
9
Tools to Session Hijack[1][2]
Juggernaut: runs only on LINUX OS. Hunt: Unix based software application T-Sight: Windows OS Wireshark or Kismet: for wireless networks
10
Detecting Session Hijack Attacks[1][2]
Packet sniffers: to scan signatures of an attack -Used often as an investigation tool Intrusion Detection System (IDS) Encrypt end-to-end Use session ID monitors: BlackSheep
11
Session Hijacking Remediation[1]
Defence in depth strategy has to be applied
12
Conclusion[1][2] Session Hijacking is still considered as one of the top few risks on the web today. Defending session hijack is difficult because it is independent of software and hardware architectures. Many factors come into picture to reduce user’s exposure to this attack like firewall configuration, IPSec, secure FTP, Telnet etc.
13
References room/whitepapers/windows/session-hijacking- windows-networks-2124 n-hijacking-and-web-based-attacks hacking-session-hijacking
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.