Security Basics mailing list archives
RE: session-hijacking is still available?
From: Michael Cunningham <crayola () optonline net>
Date: Mon, 07 Apr 2003 00:10:45 -0400
if attacker can do session hijacking, he can know the seq number change, ack seq number change something like that. But I have heard that modern system like linux kernel 2.4.x or openbsd produce almost random seq number, so session hijacking is almost impossible thesedays.
While the initial sequence number choosen these days is random it must be incremented for each packet transmitted. The sequence number is used to reassemble the packets back into a message. If an attacker can sniff your connection they can sample the current sequence number and inject a packet into the stream.
anyone still can session hijacking using session hijacking program like hunt?
Yes... Your best defense against hunt is to use SSH and limit the possiblities for an attacker to sniff your lan. Mike -- Michael Cunningham (CISSP, SCNA, SCSA, CCSA) ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- session-hijacking is still available? SB CH (Apr 04)
- RE: session-hijacking is still available? Michael Cunningham (Apr 07)
- Re: session-hijacking is still available? secvuln (Apr 07)
- Re: session-hijacking is still available? John Fastabend (Apr 07)
- <Possible follow-ups>
- RE: session-hijacking is still available? Raghu Chinthoju (Apr 04)
- Fwd: FW: session-hijacking is still available? crawford charles (Apr 04)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: REsession-hijacking is still available? John Fastabend (Apr 09)
- REsession-hijacking is still available? Dina Kamal (Apr 08)
- Re: session-hijacking is still available? crawford charles (Apr 10)