Fwd: FW: session-hijacking is still available?
From: crawford charles (firstname.lastname@example.org)
From: "crawford charles" <email@example.com> To: firstname.lastname@example.org Date: Fri, 04 Apr 2003 18:46:37 +0000
I had thought that the original thesis was that for older TCP
implementations, an attacker could make a reasonable guess about the
starting sequence number of a new TCP session, given the sequence numbers
for a previous one (i.e. one he could observe). Then he would attempt to
hijack a subsequent TCP session that he might not be able to observe, but
could predict or infer. Newer TCP implementations start the sequence number
for each new session at a random value, and increment from there. But
sequence numbers still have to increment monotonically (presumably by the
number of bytes in each TCP PDU).
If an attacker can monitor the link between the client and server of a TCP
session in real-time, and can inject packets "fast enough", he can still
hijack a session, as the sequence numbers for the hijacked session will be
directly observable. The counter to this level of attack is to encrypt,
preferably at the IP layer (one can still encrypt at the TCP layer,
preventing the hijacker from doing anything "useful", but the victim session
is still disrupted -- DoS).
if attacker can do session hijacking, he can know the seq number change,
ack seq number change something like that.
But I have heard that modern system like linux kernel 2.4.x or openbsd
produce almost random seq number, so session hijacking is almost impossible
is it true or not?
anyone still can session hijacking using session hijacking program like
Thanks in advance.
Tired of spam? Get advanced junk mail protection with MSN 8.
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial: