IDS mailing list archives

Re: Session Hijacking


From: Dragos Ruiu <dr () kyx net>
Date: Sat, 5 Mar 2005 20:22:46 -0800

On March 2, 2005 11:07 pm, Mike Frantzen wrote:
Question, I am learning about session hijacking, and I was wondering
if an IPS has the capabilities to detect and prevent this type of
attack? If so how exactly would the IPS prevent a session hijacking?

It's pretty much impossible to prevent full-knowledge session hijacking
when the hijacker is on a local network with who he is hijacking.  You
pretty much have to be their switch.

It's an administrative hassle... but locking down MAC addresses to switch
physical ports _is_ a good idea... and raises the bar on hijacking.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada       May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
