IDS mailing list archives
RE: Session Hijacking
From: "Angel L Rivera" <arivera () mitre org>
Date: Mon, 7 Mar 2005 09:18:44 -0500
Not quite - a little arp poisoning and spoofed mac address would defeat this control - it does make it harder but not impossible. An IPS might detect the arp poisoning attempt but you would need to have a sensor on each switch.

-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net]
Sent: Saturday, March 05, 2005 11:23 PM
To: Mike Frantzen; Terry Ray
Cc: focus-ids () lists securityfocus com
Subject: Re: Session Hijacking

On March 2, 2005 11:07 pm, Mike Frantzen wrote:
Question, I am learning about session hijacking, and I was wondering if an IPS has the capabilities to detect and prevent this type of attack? If so how exactly would the IPS prevent a session hijacking?

It's pretty much impossible to prevent full-knowledge session hijacking when the hijacker is on a local network with who he is hijacking. You pretty much have to be their switch.

It's an administrative hassle... but locking down mac addresses to switch physical ports _is_ a good idea... and raises the bar on hijacking.

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada May 4-6 2005 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
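
An added example, not part of any message in this thread: the IP-to-MAC binding check an ARP-poisoning sensor performs, run over constructed observations to show that a switch without a sensor produces no alerts. The segment names, addresses, alert names and the function `detect_arp_anomalies` are assumptions made for illustration, as is the premise that each sensor sees only the ARP replies on its own switch.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): one tuple per ARP reply,
# as (switch_segment, sender_ip, sender_mac).
OBSERVATIONS = [
    ("sw1", "10.0.0.1", "00:11:22:33:44:01"),   # gateway, seen on switch 1
    ("sw1", "10.0.0.20", "00:11:22:33:44:20"),
    ("sw2", "10.0.0.1", "00:11:22:33:44:01"),   # gateway, seen on switch 2
    ("sw2", "10.0.0.30", "00:11:22:33:44:30"),
    ("sw2", "10.0.0.1", "00:11:22:33:44:30"),   # gateway IP claimed by .30's MAC
    ("sw2", "10.0.0.1", "00:11:22:33:44:01"),   # real gateway answers again
]


def detect_arp_anomalies(observations, monitored_segments):
    """Return alerts as (kind, segment, ip, mac) for segments that have a sensor."""
    ip_to_mac = {}                 # (segment, ip)  -> last MAC seen for that IP
    mac_to_ips = defaultdict(set)  # (segment, mac) -> IPs that MAC has claimed
    alerts = []
    for segment, ip, mac in observations:
        if segment not in monitored_segments:
            continue  # assumption: no sensor on this switch, reply is never seen
        previous = ip_to_mac.get((segment, ip))
        if previous is not None and previous != mac:
            # An established IP is suddenly answered for by a different MAC.
            alerts.append(("binding_change", segment, ip, mac))
        ip_to_mac[(segment, ip)] = mac
        claimed = mac_to_ips[(segment, mac)]
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:
                # One MAC answering for several IPs on the same segment.
                alerts.append(("mac_claims_multiple_ips", segment, ip, mac))
    return alerts


if __name__ == "__main__":
    # Compare full sensor coverage with a sensor on switch 1 only.
    for sensors in ({"sw1", "sw2"}, {"sw1"}):
        print(sorted(sensors), detect_arp_anomalies(OBSERVATIONS, sensors))
```
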