Fwd: FW: session-hijacking is still available?

From: crawford charles (biv0uac17@hotmail.com)
Date: 04/04/03

    From: "crawford charles" <biv0uac17@hotmail.com>
    To: chulmin2@hotmail.com
    Date: Fri, 04 Apr 2003 18:46:37 +0000
    
    

    I had thought that the original thesis was that for older TCP
    implementations, an attacker could make a reasonable guess about the
    starting sequence number of a new TCP session, given the sequence numbers
    for a previous one (i.e. one he could observe). Then he would attempt to
    hijack a subsequent TCP session that he might not be able to observe, but
    could predict or infer. Newer TCP implementations start the sequence number
    for each new session at a random value, and increment from there. But
    sequence numbers still have to increment monotonically (presumably by the
    number of bytes in each TCP PDU).

    If an attacker can monitor the link between the client and server of a TCP
    session in real-time, and can inject packets "fast enough", he can still
    hijack a session, as the sequence numbers for the hijacked session will be
    directly observable. The counter to this level of attack is to encrypt,
    preferably at the IP layer (one can still encrypt at the TCP layer,
    preventing the hijacker from doing anything "useful", but the victim session
    is still disrupted -- DoS).

    >-----Original Message-----

    From: SB CH [mailto:chulmin2@hotmail.com]
    Sent: Thursday, April 03, 2003 8:44 PM
    To: security-basics@securityfocus.com
    Subject: session-hijacking is still available?

    Hello, all.

    If an attacker can do session hijacking, he can know the seq number change,
    ack seq number change, something like that.
    But I have heard that modern systems like Linux kernel 2.4.x or OpenBSD
    produce almost random seq numbers, so session hijacking is almost impossible
    these days.

    Is it true or not?
    Can anyone still do session hijacking using a session hijacking program like
    hunt?

    Thanks in advance.

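An added example, not part of the original messages: it contrasts an old-style initial sequence number (ISN) generator with the per-connection scheme of RFC 6528, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), to show why observing one session no longer lets an off-path party infer the next. The class names, the step value, the sample addresses and the use of HMAC-SHA-256 as F are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MASK32 = 0xFFFFFFFF


class LegacyISN:
    """Old-style generator: one global counter bumped by a fixed step per connection."""
    STEP = 64000  # constructed value, for illustration only

    def __init__(self, start=0):
        self.counter = start & MASK32

    def next_isn(self, four_tuple, now_us):
        # The 4-tuple and clock are ignored: every new session gets counter + STEP.
        self.counter = (self.counter + self.STEP) & MASK32
        return self.counter


class Rfc6528ISN:
    """ISN = M + F(4-tuple, secret): a clock plus a keyed, per-connection offset."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)  # normally chosen at boot

    def offset(self, four_tuple):
        # F: HMAC-SHA-256 stands in for the PRF here (an assumption of this example).
        msg = "|".join(map(str, four_tuple)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def next_isn(self, four_tuple, now_us):
        m = (now_us // 4) & MASK32  # M: timer that ticks every 4 microseconds
        return (m + self.offset(four_tuple)) & MASK32


def predictable(gen, n=8):
    """True if the ISNs of n successive connections differ by one constant step,
    i.e. seeing earlier sessions is enough to extrapolate the next ISN."""
    # Constructed sample: n connections from different client ports, 1 ms apart.
    isns = [gen.next_isn(("192.0.2.10", 40000 + i, "198.51.100.5", 80),
                         1_000_000 + i * 1000) for i in range(n)]
    deltas = {(b - a) & MASK32 for a, b in zip(isns, isns[1:])}
    return len(deltas) == 1


if __name__ == "__main__":
    print("legacy predictable:  ", predictable(LegacyISN()))
    print("RFC 6528 predictable:", predictable(Rfc6528ISN()))
```

Neither generator changes the second point in the reply: a party that can read the link sees the live sequence numbers directly, so the ISN scheme only addresses the off-path case.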

