CHAPTER 10 Session Hijacking. INTRODUCTION The act of taking over a connection of some sort, for...
-
Upload
tiffany-french -
Category
Documents
-
view
219 -
download
1
Transcript of CHAPTER 10 Session Hijacking. INTRODUCTION The act of taking over a connection of some sort, for...
CHAPTER 10
Session Hijacking
INTRODUCTION
The act of taking over a connection of some sort, for examples, network connection, a modem connection or other type of connection.
If compared with sniffing, session hijacking is an active attack, sniffing is a passive attack.
The point of hijacking a connection is to exploit trust.
As example, imagine we are able to monitor traffic between two machines, one is a server and other is a client.
We can catch the root user logging in via Telnet and we have successfully stolen the password.
TYPES OF HIJACKING
TCP Session Hijacking In TCP Hijacking, an attacker pay attention to all
the details that go into a TCP connection. TCP connection include things like sequence
numbers, TCP headers, ACK packets, etc. TCP connection starts out with the standard TCP
three-way handshake: the client sends a SYN packet, the server sends a SYN-ACK packet and the client responds with an ACK packet and starts to end data or wait for the server to send.
TYPES OF HIJACKING
An attacker can hijack the connection in some ways, such as, during the initial handshake or before the authentication phase had completed.
TCP Session Hijacking with Packet Blocking Without packet blocking, an attacker only can
inject packets but not remove them. In this technique, an attacker has completely
controls the transmission of packets between two hosts.
In fact, such systems to take over connections in this manner exist today we call them transparent firewalls.
TYPES OF HIJACKING
TCP Session Hijacking Tools There are two widely known tools that can be
used for session hijacking: Juggernaut Juggernaut was written by route, editor of Phrack
magazine. It has two operating modes: The first to act as a sniffer of sorts, triggering on
a particular bit of data. The second is to act as session hijacker and
connection reset.
TYPES OF HIJACKING
Hunt Hunt is a tool created by Pavel Krauz. Like Juggernaut, Hunt has sniffing modes and
session hijacking modes. Unlike Juggernaut, Hunt adds some ARP tools to
perform ARP spoofing in order to get victim hosts to go through an attacking machine.
Hunt also can eliminate the ACK storm problems typically associated with a TCP session hijack.
TYPES OF HIJACKING
UDP Session Hijacking In UDP session hijacking, an attacker doesn’t
need features like TCP, for example, sequence numbers and ACK mechanism to do session hijacking.
Terminal Session These attacks taking place in the wild back in the
beginning of 1995. In this attack, an attacker concern on connection
between terminal.
HIJACKING PROTECTION
There are a couple of techniques that can be employed to protect specific hijacking attempts.
Encryption Ssh Ssh can replaced the functionality of Telnet, ftp,
rlogin and rcp. In addition, we can tunnel other protocols like
HTTP over an Ssh connection. SSL It is obviously available for Web server where it
is most widely deployed.
HIJACKING PROTECTION
It also can be used with POP, SMTP and IMAP. Storm Watchers This technique is used to watch for something
that doesn’t match retransmission and duplicate packets.
Basically this is the IDS approach.