1 / 9

CHAPTER 10

CHAPTER 10. Session Hijacking. INTRODUCTION. The act of taking over a connection of some sort, for examples, network connection, a modem connection or other type of connection. If compared with sniffing, session hijacking is an active attack, sniffing is a passive attack.

bennettd
Download Presentation

CHAPTER 10

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CHAPTER 10 Session Hijacking

  2. INTRODUCTION • The act of taking over a connection of some sort, for examples, network connection, a modem connection or other type of connection. • If compared with sniffing, session hijacking is an active attack, sniffing is a passive attack. • The point of hijacking a connection is to exploit trust. • As example, imagine we are able to monitor traffic between two machines, one is a server and other is a client. • We can catch the root user logging in via Telnet and we have successfully stolen the password.

  3. TYPES OF HIJACKING • TCP Session Hijacking • In TCP Hijacking, an attacker pay attention to all the details that go into a TCP connection. • TCP connection include things like sequence numbers, TCP headers, ACK packets, etc. • TCP connection starts out with the standard TCP three-way handshake: the client sends a SYN packet, the server sends a SYN-ACK packet and the client responds with an ACK packet and starts to end data or wait for the server to send.

  4. TYPES OF HIJACKING • An attacker can hijack the connection in some ways, such as, during the initial handshake or before the authentication phase had completed. • TCP Session Hijacking with Packet Blocking • Without packet blocking, an attacker only can inject packets but not remove them. • In this technique, an attacker has completely controls the transmission of packets between two hosts. • In fact, such systems to take over connections in this manner exist today we call them transparent firewalls.

  5. TYPES OF HIJACKING • TCP Session Hijacking Tools • There are two widely known tools that can be used for session hijacking: • Juggernaut • Juggernaut was written by route, editor of Phrack magazine. • It has two operating modes: • The first to act as a sniffer of sorts, triggering on a particular bit of data. • The second is to act as session hijacker and connection reset.

  6. TYPES OF HIJACKING • Hunt • Hunt is a tool created by Pavel Krauz. • Like Juggernaut, Hunt has sniffing modes and session hijacking modes. • Unlike Juggernaut, Hunt adds some ARP tools to perform ARP spoofing in order to get victim hosts to go through an attacking machine. • Hunt also can eliminate the ACK storm problems typically associated with a TCP session hijack.

  7. TYPES OF HIJACKING • UDP Session Hijacking • In UDP session hijacking, an attacker doesn’t need features like TCP, for example, sequence numbers and ACK mechanism to do session hijacking. • Terminal Session • These attacks taking place in the wild back in the beginning of 1995. • In this attack, an attacker concern on connection between terminal.

  8. HIJACKING PROTECTION • There are a couple of techniques that can be employed to protect specific hijacking attempts. • Encryption • Ssh • Ssh can replaced the functionality of Telnet, ftp, rlogin and rcp. • In addition, we can tunnel other protocols like HTTP over an Ssh connection. • SSL • It is obviously available for Web server where it is most widely deployed.

  9. HIJACKING PROTECTION • It also can be used with POP, SMTP and IMAP. • Storm Watchers • This technique is used to watch for something that doesn’t match retransmission and duplicate packets. • Basically this is the IDS approach.

More Related