Download presentation
Presentation is loading. Please wait.
Published byTiffany French Modified over 9 years ago
1
CHAPTER 10 Session Hijacking
2
INTRODUCTION The act of taking over a connection of some sort, for examples, network connection, a modem connection or other type of connection. If compared with sniffing, session hijacking is an active attack, sniffing is a passive attack. The point of hijacking a connection is to exploit trust. As example, imagine we are able to monitor traffic between two machines, one is a server and other is a client. We can catch the root user logging in via Telnet and we have successfully stolen the password.
3
TYPES OF HIJACKING TCP Session Hijacking In TCP Hijacking, an attacker pay attention to all the details that go into a TCP connection. TCP connection include things like sequence numbers, TCP headers, ACK packets, etc. TCP connection starts out with the standard TCP three-way handshake: the client sends a SYN packet, the server sends a SYN-ACK packet and the client responds with an ACK packet and starts to end data or wait for the server to send.
4
TYPES OF HIJACKING An attacker can hijack the connection in some ways, such as, during the initial handshake or before the authentication phase had completed. TCP Session Hijacking with Packet Blocking Without packet blocking, an attacker only can inject packets but not remove them. In this technique, an attacker has completely controls the transmission of packets between two hosts. In fact, such systems to take over connections in this manner exist today we call them transparent firewalls.
5
TYPES OF HIJACKING TCP Session Hijacking Tools There are two widely known tools that can be used for session hijacking: Juggernaut Juggernaut was written by route, editor of Phrack magazine. It has two operating modes: The first to act as a sniffer of sorts, triggering on a particular bit of data. The second is to act as session hijacker and connection reset.
6
TYPES OF HIJACKING Hunt Hunt is a tool created by Pavel Krauz. Like Juggernaut, Hunt has sniffing modes and session hijacking modes. Unlike Juggernaut, Hunt adds some ARP tools to perform ARP spoofing in order to get victim hosts to go through an attacking machine. Hunt also can eliminate the ACK storm problems typically associated with a TCP session hijack.
7
TYPES OF HIJACKING UDP Session Hijacking In UDP session hijacking, an attacker doesn’t need features like TCP, for example, sequence numbers and ACK mechanism to do session hijacking. Terminal Session These attacks taking place in the wild back in the beginning of 1995. In this attack, an attacker concern on connection between terminal.
8
HIJACKING PROTECTION There are a couple of techniques that can be employed to protect specific hijacking attempts. Encryption Ssh Ssh can replaced the functionality of Telnet, ftp, rlogin and rcp. In addition, we can tunnel other protocols like HTTP over an Ssh connection. SSL It is obviously available for Web server where it is most widely deployed.
9
HIJACKING PROTECTION It also can be used with POP, SMTP and IMAP. Storm Watchers This technique is used to watch for something that doesn’t match retransmission and duplicate packets. Basically this is the IDS approach.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.