Security Basics mailing list archives
Re: session-hijacking is still available?
From: "crawford charles" <biv0uac17 () hotmail com>
Date: Wed, 09 Apr 2003 18:42:32 +0000
Forgive my presumption, but I believe the original concept of TCP session-hijacking was that an attacker could INFER the starting sequence numbers for a victim TCP session, most likely by attempting his own Telnet sessions, and observing the session numbers. When a new (targeted) victim logged in, the attacker would note the victim's IP and port, and then start hammering the victim session with data-packets starting from the inferred sequence number range, and all without being able to observe the victim session -- all he needed to do was craft packets which set the password and logout -- in effect, a priviledge escalation attack. In fact, the attacker need not even observe the replies to his packets. This all presumed a time when TCP sessions were few and far between. Granted, if you can sit on the line, or manipulate the packet routing, the whole issue of predictable sequence numbers (and therefore the subject of this thread) becomes moot. --------- From: Dina Kamal [mailto:dina () synergyct com] Sent: Tuesday, April 08, 2003 12:16 PM To: security-basics () securityfocus com Hi, Well, in order to do session hijacking from the internet , the outside user must be capable of doing rerouting for the session that's already been established so that he can be able to sniff the tcp packet for the seq number and other information required to do a successful hijacking .. so we need source routing enabled on the routers but then what ?? Does anybody has an idea about this issue? Thanks in advance Dina >-----Original Message----- From: SB CH [mailto:chulmin2 () hotmail com] Sent: Thursday, April 03, 2003 8:44 PM To: security-basics () securityfocus com Subject: session-hijacking is still available? Hello, all. if attacker can do session hijacking, he can know the seq number change, ack seq number change something like that. But I have heard that modern system like linux kernel 2.4.x or openbsd produce almost random seq number, so session hijacking is almost impossible thesedays. is it true or not? anyone still can session hijacking using session hijacking program like hunt? Thanks in advance. _________________________________________________________________Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. -------------------------------------------------------------------
Current thread:
- session-hijacking is still available? SB CH (Apr 04)
- RE: session-hijacking is still available? Michael Cunningham (Apr 07)
- Re: session-hijacking is still available? secvuln (Apr 07)
- Re: session-hijacking is still available? John Fastabend (Apr 07)
- <Possible follow-ups>
- RE: session-hijacking is still available? Raghu Chinthoju (Apr 04)
- Fwd: FW: session-hijacking is still available? crawford charles (Apr 04)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: REsession-hijacking is still available? John Fastabend (Apr 09)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: session-hijacking is still available? crawford charles (Apr 10)