Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 548 Student Presentation By Manasa Suthram

Similar presentations


Presentation on theme: "CSCE 548 Student Presentation By Manasa Suthram"— Presentation transcript:

1 CSCE 548 Student Presentation By Manasa Suthram
Session Hijacking CSCE 548 Student Presentation By Manasa Suthram

2 What is Session Hijacking?[1]
Attacks that take over an active TCP/IP communication without the user’s permission or knowledge. Attackers enjoy the same access of resources as the compromised user. Network protocols like Telnet, FTP are especially attractive to attackers.

3 Different Types of Session Hijack Attacks[1]
Active: Original user has logged in his account and then attacker steals the cookies to hijack the active session Passive: attackers capture the login credentials by observing the user’s new connection with the server Hybrid: combination of both active and passive attack.

4 What makes the attack so dangerous?[2]
These attacks cannot be eliminated by software patches, complex passwords or multi-factor authentication. Root cause lies in the design implementation to inherent to the TCP/IP protocols. All machines regardless of OS or hardware architecture are vulnerable to this attack. Compromises all three sides of the CIA triad.

5 Procedural Overview of Session Hijacking[1]
Step 1: Locating a target Step 2: Find an active session Step 3: Perform sequence number prediction Step 4: Take one of the parties offline Step 5: Take over the session and maintain the connection

6 Example[1] Normal Telnet Traffic Forcing ARP entry

7 Hijack Traffic Telnet Packet with incorrect MAC address

8 Complete session Hijack of a Telnet Session
ACK storm

9 Tools to Session Hijack[1][2]
Juggernaut: runs only on LINUX OS. Hunt: Unix based software application T-Sight: Windows OS Wireshark or Kismet: for wireless networks

10 Detecting Session Hijack Attacks[1][2]
Packet sniffers: to scan signatures of an attack -Used often as an investigation tool Intrusion Detection System (IDS) Encrypt end-to-end Use session ID monitors: BlackSheep

11 Session Hijacking Remediation[1]
Defence in depth strategy has to be applied

12 Conclusion[1][2] Session Hijacking is still considered as one of the top few risks on the web today. Defending session hijack is difficult because it is independent of software and hardware architectures. Many factors come into picture to reduce user’s exposure to this attack like firewall configuration, IPSec, secure FTP, Telnet etc.

13 References room/whitepapers/windows/session-hijacking- windows-networks-2124 n-hijacking-and-web-based-attacks hacking-session-hijacking


Download ppt "CSCE 548 Student Presentation By Manasa Suthram"

Similar presentations


Ads by Google