Objectives
Basics of TCP/IP
How communication takes place on a network
How does three-way handshaking work?
What is a session?
What is session hijacking?
Different types of session hijack attacks
Methods of conducting session hijacking attacks
Basics of TCP/IP
TCP, an abbreviation for Transmission Control Protocol, is one of the main connection-oriented protocols in a TCP/IP network. TCP provides reliable end-to-end communication over an unreliable network. To establish a session or connection with a TCP server, a client must follow a structured system for session management, known as the Three-Way Handshake. For two machines to communicate via TCP, they must synchronize their session through Synchronize and Acknowledgement packets. Every packet is given a sequence number, which helps the receiving host synchronize and reassemble the stream of packets into their original, intended order. TCP session establishment is shown in the figure:
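The sequence and acknowledgement numbers exchanged in the handshake, and the reassembly by sequence number described above, as an added example that is not part of the original slides. The function names, the fixed 65535-byte window and the sample segments are assumptions made for illustration; overlapping segments are not handled.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

def handshake(client_isn=None, server_isn=None):
    """Return the three handshake segments as (flags, seq, ack) tuples."""
    # Initial sequence numbers are random unless fixed for the demo.
    x = secrets.randbelow(MOD) if client_isn is None else client_isn
    y = secrets.randbelow(MOD) if server_isn is None else server_isn
    syn = ("SYN", x, None)
    syn_ack = ("SYN-ACK", y, (x + 1) % MOD)  # a SYN consumes one sequence number
    ack = ("ACK", (x + 1) % MOD, (y + 1) % MOD)
    return [syn, syn_ack, ack]

def in_window(seq, rcv_nxt, window):
    """True if seq falls inside the receive window, allowing for wraparound."""
    return (seq - rcv_nxt) % MOD < window

def reassemble(segments, rcv_nxt, window=65535):
    """Rebuild the byte stream from (seq, payload) pairs arriving in any order.

    Out-of-window segments are dropped, duplicates are ignored, and
    delivery stops at the first gap, as a receiving host would.
    """
    pending = {}
    for seq, payload in segments:
        if in_window(seq, rcv_nxt, window) and seq not in pending:
            pending[seq] = payload
    stream = b""
    while rcv_nxt in pending:
        payload = pending.pop(rcv_nxt)
        stream += payload
        rcv_nxt = (rcv_nxt + len(payload)) % MOD
    return stream, rcv_nxt

# Constructed sample: a client ISN at the top of the 32-bit range, with data
# arriving out of order, one duplicate and one far-out-of-window segment.
HS = handshake(client_isn=MOD - 1, server_isn=1000)
FIRST = HS[2][1]  # the first data byte uses seq = client ISN + 1
SAMPLE = [(FIRST + 6, b"world"), (FIRST, b"hello "),
          (FIRST, b"hello "), (FIRST + 900000, b"stray")]

if __name__ == "__main__":
    for flags, seq, ack in HS:
        print(f"{flags:8} seq={seq} ack={ack}")
    print(reassemble(SAMPLE, FIRST))
```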
What is a Session?
A session refers to all the requests that a single client makes to a server. A session is specific to the user, and for each user a new session is created to track all the requests from that user. Every user has a separate session, and a separate session variable is associated with that session.
Active Attack
The active attack is when the attacker hijacks a session on the network. The attacker will silence one of the machines, usually the client computer, and take over the client's position in the communication exchange between the workstation and the server. The active attack also allows the attacker to issue commands on the network, making it possible to create new user accounts on the network, which can later be used to gain access to the network without having to perform the session hijack attack.
Passive Attack
In a passive attack, the attacker monitors the traffic between the workstation and server. The primary motivation for the passive attack is that it provides the attacker with the ability to monitor network traffic and potentially discover valuable data or passwords. That is, the attacker hijacks a session but sits back, watching and recording all the traffic that is being sent forth.
Hybrid Attack
The final type of session hijack attack is referred to as the hybrid attack. This attack is a combination of the active and passive attacks. This allows the attacker to listen to network traffic until something of interest is found. The attacker can then modify the attack by removing the workstation computer from the session and assuming its identity.
Receiver and sender have their own sequence numbers. When two parties communicate, the following are needed:
I. IP addresses
II. Port numbers
III. Sequence number
IP addresses and port numbers are easily available, so once the attacker gets the server to accept his guessed sequence number he can hijack the session.
Taking the client computer offline is only done in an aggressive session hijack attack.
1. Juggernaut:
It is one of the most popular software packages for session hijacking, and it runs only on the Linux operating system. Juggernaut contains a built-in network sniffer, which aids in the hijacking process and allows the attacker to watch for keywords as they flow across the network. Juggernaut is frequently used when attackers want to capture passwords.
2. T-Sight:
It is written for the Windows operating system and is a commercially available product that provides most of the functionality of the UNIX software variants. T-Sight automates the selection of open sessions, provides accurate sequence number prediction, and is capable of silencing target workstations.
The session hijack attack compromises all three sides of the CIA triad. When a successful attack is achieved, the attacker has the ability to read and modify data, violating the confidentiality and integrity portions of the model. Availability is also affected by the session hijack attack due to ARP storms and denial-of-service conditions that are a byproduct of the attack.