CHAPTER 10 Session Hijacking

INTRODUCTION
• The act of taking over a connection of some sort, for example, a network connection, a modem connection or another type of connection.
• Compared with sniffing, session hijacking is an active attack; sniffing is a passive attack.
• The point of hijacking a connection is to exploit trust.
• As an example, imagine we are able to monitor traffic between two machines, one a server and the other a client.
• We can catch the root user logging in via Telnet, and we have successfully stolen the password.

TYPES OF HIJACKING
• TCP Session Hijacking
  • In TCP hijacking, an attacker pays attention to all the details that go into a TCP connection.
  • A TCP connection includes things like sequence numbers, TCP headers, ACK packets, etc.
  • A TCP connection starts out with the standard TCP three-way handshake: the client sends a SYN packet, the server sends a SYN-ACK packet, and the client responds with an ACK packet and starts to send data or waits for the server to send.
  • An attacker can hijack the connection in several ways, such as during the initial handshake or before the authentication phase has completed.
• TCP Session Hijacking with Packet Blocking
  • Without packet blocking, an attacker can only inject packets, not remove them.
  • In this technique, an attacker completely controls the transmission of packets between two hosts.
  • In fact, systems that take over connections in this manner exist today; we call them transparent firewalls.
• TCP Session Hijacking Tools
  • There are two widely known tools that can be used for session hijacking:
  • Juggernaut
    • Juggernaut was written by route, editor of Phrack magazine.
    • It has two operating modes:
      • The first is to act as a sniffer of sorts, triggering on a particular bit of data.
      • The second is to act as a session hijacker and to reset connections.
  • Hunt
    • Hunt is a tool created by Pavel Krauz.
    • Like Juggernaut, Hunt has sniffing modes and session hijacking modes.
    • Unlike Juggernaut, Hunt adds some ARP tools to perform ARP spoofing in order to get victim hosts to go through an attacking machine.
    • Hunt can also eliminate the ACK storm problems typically associated with a TCP session hijack.
• UDP Session Hijacking
  • In UDP session hijacking, an attacker does not need to deal with TCP features such as sequence numbers and the ACK mechanism.
• Terminal Session
  • These attacks were taking place in the wild back at the beginning of 1995.
  • In this attack, the attacker focuses on the connection between terminals.

HIJACKING PROTECTION
• There are a couple of techniques that can be employed to protect against specific hijacking attempts.
• Encryption
  • SSH
    • SSH can replace the functionality of Telnet, ftp, rlogin and rcp.
    • In addition, we can tunnel other protocols like HTTP over an SSH connection.
  • SSL
    • It is available for Web servers, where it is most widely deployed.
    • It can also be used with POP, SMTP and IMAP.
• Storm Watchers
  • This technique watches for traffic that doesn't match retransmission and duplicate packets.
  • Basically this is the IDS approach.
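
A minimal storm watcher, as an added example that is not part of the original slides: it flags a connection when both endpoints keep repeating the same empty ACK, the ACK storm mentioned under Hunt, which ordinary retransmissions and duplicate ACKs do not normally produce. The record layout, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Record layout (an assumption for this example):
# (time_s, src, dst, seq, ack, payload_len, flags)

def flow_key(src, dst):
    """Direction-independent identifier for a connection."""
    return tuple(sorted((src, dst)))

def find_ack_storms(packets, window=1.0, threshold=10):
    """Flows where BOTH endpoints repeat one identical empty ACK
    at least `threshold` times within `window` seconds."""
    seen = defaultdict(list)  # (flow, sender, seq, ack) -> timestamps
    for t, src, dst, seq, ack, plen, flags in packets:
        if flags == "A" and plen == 0:  # pure ACK, no data
            seen[(flow_key(src, dst), src, seq, ack)].append(t)
    noisy = defaultdict(set)  # flow -> senders over the threshold
    for (flow, src, _seq, _ack), times in seen.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                noisy[flow].add(src)
                break
    return sorted(f for f, senders in noisy.items() if len(senders) == 2)

def sample_packets():
    """Constructed traffic: one desynchronised flow, one benign flow."""
    pkts = []
    c, s = "192.0.2.10:40000", "192.0.2.20:23"
    for i in range(20):  # each side re-ACKs numbers the peer rejects
        t = 5.0 + i * 0.02
        pkts.append((t, c, s, 1000, 5000, 0, "A"))
        pkts.append((t + 0.01, s, c, 5040, 1012, 0, "A"))
    a = "192.0.2.11:40001"
    pkts.append((1.0, a, s, 200, 900, 12, "PA"))
    for i in range(3):  # ordinary duplicate ACKs, one direction only
        pkts.append((1.1 + i * 0.01, s, a, 900, 200, 0, "A"))
    pkts.append((1.3, a, s, 200, 900, 12, "PA"))  # retransmission
    return pkts

if __name__ == "__main__":
    for flow in find_ack_storms(sample_packets()):
        print("possible ACK storm:", flow)
```

Requiring both directions is what separates the storm from fast-retransmit duplicate ACKs, which come from one side only.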