Re: session-hijacking is still available?

From: crawford charles (biv0uac17@hotmail.com)
Date: 04/09/03

  • Next message: Tomasz Onyszko: "Re: Automated analysis of logs?"
    From: "crawford charles" <biv0uac17@hotmail.com>
    To: dina@synergyct.com
    Date: Wed, 09 Apr 2003 18:42:32 +0000
    
    

    Forgive my presumption, but I believe the original concept of TCP
    session-hijacking was that an attacker could INFER the starting
    sequence numbers for a victim TCP session, most likely by attempting
    his own Telnet sessions, and observing the session numbers.
    When a new (targeted) victim logged in, the attacker would note
    the victim's IP and port, and then start hammering the victim session
    with data-packets starting from the inferred sequence number range,
    and all without being able to observe the victim session -- all he needed
    to do was craft packets which set the password and logout -- in effect,
    a privilege escalation attack. In fact, the attacker need not even
    observe the replies to his packets. This all presumed a time when
    TCP sessions were few and far between.

    Granted, if you can sit on the line, or manipulate the packet routing,
    the whole issue of predictable sequence numbers (and therefore the
    subject of this thread) becomes moot.

    ---------

    From: Dina Kamal [mailto:dina@synergyct.com]
    Sent: Tuesday, April 08, 2003 12:16 PM
    To: security-basics@securityfocus.com

    Hi,

    Well, in order to do session hijacking from the internet, the
    outside user must be capable of doing rerouting for the session
    that's already been established so that he is able to sniff
    the tcp packet for the seq number and other information required
    to do a successful hijacking.. so we need source routing enabled
    on the routers but then what?? Does anybody have an idea about
    this issue?

    Thanks in advance
    Dina

    >-----Original Message-----

    From: SB CH [mailto:chulmin2@hotmail.com]
    Sent: Thursday, April 03, 2003 8:44 PM
    To: security-basics@securityfocus.com
    Subject: session-hijacking is still available?

    Hello, all.

    If an attacker can do session hijacking, he can know the seq number change,
    ack seq number change, something like that.
    But I have heard that modern systems like linux kernel 2.4.x or openbsd
    produce almost random seq numbers, so session hijacking is almost impossible
    these days.

    Is it true or not?
    Can anyone still do session hijacking using a session hijacking program like
    hunt?

    Thanks in advance.

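The point Charles makes above, that the old attack rested on being able to infer the next initial sequence number from ones the attacker observed on his own connections, is something a defender can measure on their own hosts. The following is an added example, not code from the thread or from any of the systems named in it. It models the two generator styles under discussion (a fixed-increment counter, and an RFC 1948-style "clock plus keyed hash of the 4-tuple" generator) and scores a run of sampled ISNs by the spread of their first-order differences, the same kind of statistic OS-fingerprinting scanners report. The secret key, the TEST-NET addresses, the explicit clock-tick parameter and the use of HMAC-SHA256 in place of the MD5 RFC 1948 discusses are all assumptions made for the demo.

```python
"""Constructed example: how guessable are a host's TCP initial sequence numbers?

Models two ISN generators from the thread's discussion and scores the samples
each produces with the statistic an auditor would compute from captured
SYN-ACKs: the spread of first-order differences between consecutive ISNs.
"""
import hashlib
import hmac
import struct

MOD = 1 << 32  # TCP sequence numbers are 32-bit


def legacy_isns(count, start=1_000_000, step=64_000):
    """Constructed model of the classic 4.2BSD-era generator: one global counter,
    bumped by a fixed step for every new connection. The ISN handed to the next
    client follows directly from the one handed to the previous client."""
    return [(start + i * step) % MOD for i in range(count)]


class Rfc1948Generator:
    """RFC 1948-style generator: ISN = M + F(laddr, lport, raddr, rport, secret).

    M is a clock (RFC 793's 250 kHz tick, passed in explicitly here so the demo
    is deterministic) and F is a keyed hash of the connection 4-tuple.
    HMAC-SHA256 stands in for the MD5 the RFC discusses; this is a teaching
    model, not any kernel's code.
    """

    def __init__(self, secret: bytes):
        self.secret = secret  # assumed per-boot secret, constructed for the demo

    def isn(self, laddr: bytes, lport: int, raddr: bytes, rport: int,
            clock_ticks: int) -> int:
        msg = struct.pack("!4sH4sH", laddr, lport, raddr, rport)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        f = struct.unpack("!I", digest[:4])[0]
        return (clock_ticks + f) % MOD


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32 so wrap-around is harmless."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def guess_window(isns):
    """Width of the interval in which the next ISN would have to be searched if the
    generator were assumed to be a fixed-increment counter. 0 means every next ISN
    is known exactly; a value near 2**32 means the samples give no usable hint."""
    deltas = isn_deltas(isns)
    return max(deltas) - min(deltas)


def sample_rfc1948(count, secret=b"constructed-secret", base_tick=5_000_000):
    """Constructed capture: an auditor opens `count` Telnet connections to the
    server from successive ephemeral ports and records the ISN of each SYN-ACK."""
    gen = Rfc1948Generator(secret)
    server = bytes([198, 51, 100, 7])  # TEST-NET-2, constructed
    auditor = bytes([192, 0, 2, 10])   # TEST-NET-1, constructed
    # Each probe is a different 4-tuple, so F differs per connection and the
    # observed ISNs say nothing about F for some other client's session.
    return [gen.isn(server, 23, auditor, 40_000 + i, base_tick + 250 * i)
            for i in range(count)]


if __name__ == "__main__":
    print("fixed-increment counter, guess window:", guess_window(legacy_isns(20)))
    print("RFC 1948 hashed generator, guess window:", guess_window(sample_rfc1948(20)))
```

With the counter model the window is 0: every ISN observed on the auditor's own sessions pins down the next one exactly, which is the precondition Charles describes. With the hashed generator the differences between connections to different ports scatter across the whole 32-bit space, so sampling one's own sessions tells an outsider nothing about another client's session, even though for one fixed 4-tuple the ISN still advances with the clock as RFC 1948 intends.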

