AW: TCP vs UDP II

[Fuchs Bernhard <Bernhard.Fuchs () itellium com>]

yes! it is called "session hijacking" 
dsniff, hunt and so on....
these are tools 4 it
check
http://www.owasp.org/asac/auth-session/hijack.shtml

Mit freundlichen Grüßen/ sincerely yours


Bernhard Fuchs 
Junior System-Engineer 
IT-Infrastruktur/IT-Sicherheit

ITELLIUM 
Systems & Services GmbH 
Fürther Straße 205 
90429 Nürnberg 

Tel.:   +49-911-14-27321 
Fax:    +49-911-14-22016 
mailto:bernhard.fuchs () itellium com 
http://www.itellium.com

This email is confidential. If you are not the intended recipient, you must
not disclose or use the information contained in it. If you have received
this mail in error, please tell us immediately by return email and delete
the document. E-mails to and from the company are monitored for operational
reasons and in accordance with lawful business practices. The contents of
this email are those of the individual and do not necessarily represent the
views of the company. The company accepts no responsibility once an e-mail
and any attachments is sent. 



-----Ursprüngliche Nachricht-----
Von: Pablo Gietz [mailto:pablo.gietz () nuevobersa com ar]
Gesendet: Mittwoch, 13. November 2002 17:56
An: security-basics () securityfocus com
Betreff: TCP vs UDP II


Dear list:
It's possible that a intruder could take active part of a TCP connection
after this was established?
In UPD I know this is true because is a connectionless protocol. But I have
doubts about TCP.
Thanks

Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351