REsession-hijacking is still available?

["Dina Kamal" <dina () synergyct com>]

Hi,
Well, in order to do session hijacking  from the internet , the outside user
must be capable of doing rerouting for the session that's already been
established so that he can be able to sniff the tcp packet for the seq
number and other information required to do a successful hijacking .. so we
need source routing enabled on the routers but then what ??
Does anybody has an idea about this issue?

Thanks in advance
Dina



> -----Original Message-----

From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Thursday, April 03, 2003 8:44 PM
To: security-basics () securityfocus com
Subject: session-hijacking is still available?


Hello, all.

if attacker can do session hijacking, he can know the seq number change,
ack seq number change something like that.
But I have heard that modern system like linux kernel 2.4.x or openbsd
produce almost random seq number, so session hijacking is almost impossible
thesedays.

is it true or not?
anyone still can session hijacking using session hijacking program like
hunt?

Thanks in advance.


_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------