Security Basics mailing list archives
REsession-hijacking is still available?
From: "Dina Kamal" <dina () synergyct com>
Date: Tue, 8 Apr 2003 20:15:55 +0400
Hi,

Well, in order to do session hijacking from the Internet, the outside user must be capable of rerouting the session that's already been established so that he can sniff the TCP packet for the seq number and other information required to do a successful hijacking. So we need source routing enabled on the routers, but then what?

Does anybody have an idea about this issue?

Thanks in advance,
Dina
-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Thursday, April 03, 2003 8:44 PM
To: security-basics () securityfocus com
Subject: session-hijacking is still available?

Hello, all.

If an attacker can do session hijacking, he can know the seq number change, ack seq number change, something like that. But I have heard that modern systems like Linux kernel 2.4.x or OpenBSD produce almost random seq numbers, so session hijacking is almost impossible these days. Is it true or not? Can anyone still do session hijacking using a session hijacking program like hunt?

Thanks in advance.
Current thread:
- session-hijacking is still available? SB CH (Apr 04)
- RE: session-hijacking is still available? Michael Cunningham (Apr 07)
- Re: session-hijacking is still available? secvuln (Apr 07)
- Re: session-hijacking is still available? John Fastabend (Apr 07)
- <Possible follow-ups>
- RE: session-hijacking is still available? Raghu Chinthoju (Apr 04)
- Fwd: FW: session-hijacking is still available? crawford charles (Apr 04)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: REsession-hijacking is still available? John Fastabend (Apr 09)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: session-hijacking is still available? crawford charles (Apr 10)