Security Basics mailing list archives

Re: session-hijacking is still available?


From: John Fastabend <jfastabe () up edu>
Date: Mon, 7 Apr 2003 00:37:11 -0700 (PDT)




> Hello, all.

Hello.


> If an attacker can do session hijacking, he can know the seq number change,
> ack seq number change, something like that.

Only if he is spoofing from somewhere where he can sniff this information 
off the wire. For example if he is on the same network or has manipulated 
routing information so that the packet is passed through his system on its 
way to its destination.

> But I have heard that modern systems like Linux kernel 2.4.x or OpenBSD
> produce almost random seq numbers, so session hijacking is almost impossible
> these days.
>
> Is it true or not?

Most operating system engineers have caught on to the fact that the random 
number generator for initial sequence numbers is not good enough and have 
fixed this.  This will not stop an attacker though from session hijacking 
if he has the packet going through his computer on the way to its 
destination because all he has to do is read the ack and seq numbers as 
they go through his computer.  It does though make it significantly harder 
to predict the sequence numbers of packets that are not passing through 
your computer.  This is called blind spoofing.  The problem before was 
that I could guess what the next number was going to be and then I didn't 
even have to see the packet at all.  This is very bad. So some people have 
been trying to fix this. 

> Can anyone still do session hijacking using a session hijacking program like
> hunt?

I've never used hunt before so I don't know.  But, I would guess almost any 
session hijacking program will be able to hijack a session when it can read 
the packets off the wire (it's trivial).  Whether or not it can hijack or 
start spoofed sessions from hosts where it can't see the packets I don't 
know.  It is possible for some operating systems. I've done some research 
on blind spoofing Windows 98 and an older Linux kernel and been successful. 
So it is possible; whether or not hunt can hijack blindly depends on the 
sophistication of the program and what OS it is trying to hijack, I would 
think.


> Thanks in advance.

No problem. If you have any more questions, send me an email. :)


John Fastabend
University of Portland
Computer Engineering Major
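The reply above turns on one distinction: randomised initial sequence numbers (ISNs) do nothing against someone who can read the packets, but they decide whether a third party who cannot see the traffic has any realistic chance of guessing the next sequence number. The following script, an added example that is not part of the mailing list thread, shows the check a defender would run on a host under test: collect ISNs from several successive connections and score how much guessing space they leave. Both ISN samples, the `SEQ_SPACE` constant and the verdict thresholds are constructed for this illustration; the thresholds are a heuristic chosen here, not a published standard.

```python
"""Rate how predictable a host's TCP initial sequence numbers (ISNs) look
from a sample of observed ISNs.

Constructed example: the ISN lists below are made up. In practice they
would be recorded from successive connections to the host under test
(for instance from a packet capture on the testing machine).
"""
import math
import random
from collections import Counter

SEQ_SPACE = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % SEQ_SPACE for a, b in zip(isns, isns[1:])]


def delta_entropy_bits(deltas):
    """Shannon entropy of the observed deltas; 0 when every delta is identical."""
    counts = Counter(deltas)
    n = len(deltas)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def delta_spread_bits(deltas):
    """log2 of the range the deltas span: a rough size, in bits, of the space
    someone who cannot see the packets would have to guess over."""
    spread = max(deltas) - min(deltas)
    return math.log2(spread) if spread > 0 else 0.0


def rate_isn_sample(isns):
    """Return (spread_bits, entropy_bits, verdict) for a list of observed ISNs.

    Thresholds are heuristic values picked for this example.
    """
    if len(isns) < 3:
        raise ValueError("need at least three ISNs to judge a pattern")
    deltas = isn_deltas(isns)
    spread = delta_spread_bits(deltas)
    entropy = delta_entropy_bits(deltas)
    if spread < 8:
        verdict = "predictable"   # constant or fixed-increment ISNs
    elif spread < 20:
        verdict = "weak"          # some jitter, but a small guess space
    else:
        verdict = "adequate"      # deltas range over a large part of the space
    return spread, entropy, verdict


# Constructed sample 1: a fixed-increment generator (+64000 per connection),
# the kind of behaviour the post describes as easy to guess without seeing a packet.
LEGACY_ISNS = [1000 + 64000 * i for i in range(6)]

# Constructed sample 2: a generator that draws each ISN uniformly from 2**32.
# The fixed seed only keeps this example reproducible.
_rng = random.Random(2003)
RANDOMISED_ISNS = [_rng.getrandbits(32) for _ in range(8)]

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_ISNS), ("randomised", RANDOMISED_ISNS)):
        spread, entropy, verdict = rate_isn_sample(sample)
        print(f"{name:10s} spread={spread:5.1f} bits  entropy={entropy:4.2f} bits  -> {verdict}")
```

The fixed-increment sample scores zero bits of spread, so its next ISN is known in advance; the uniform sample spreads its deltas over most of the 32-bit space. As the reply stresses, a good score here says nothing about an on-path attacker, who reads the real seq and ack values off the wire regardless of how they were generated.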



 




-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics


-- 
"Dependence on computers is apparently making a significant fraction
of the population incurably stupid." -- Fritz Whittington



