Session Hijacking
Many attackers spoof their addresses, meaning that the frame used to commit the attack
carries a source IP address that is not theirs. This makes it much
harder to track down the attacker, which is the attacker’s purpose for spoofing in the
first place. This also enables an attacker to hijack sessions between two users without
being noticed.
If an attacker wanted to take over a session between two computers, she would need
to put herself in the middle of their conversation without being detected. Two tools
used for this are Juggernaut and the HUNT Project. These
tools enable the attacker to spy on the TCP connection and then hijack it if the attacker
decides that is what she wants to do.
If Kristy and David were communicating over a TCP session and the attacker wanted
to bump David off and trick Kristy into thinking she is still communicating with David,
the attacker would use a tool to spoof her address to be the same as David’s and temporarily
take David off the network with a type of DoS attack. Once this is in place,
when Kristy sends a message to David, it actually goes to the attacker, who can then
respond to Kristy. Kristy thinks she is getting a reply from David. The attacker may also
choose to leave David on the network and intercept each of the users’ messages, read
them, and repackage them with headers that indicate no session hijacking took place,
as shown in Figure 12-10.
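As an added example (not code from the book excerpt or the blog), the following is a defender-side check that a network monitor could run over captured segments of a session like Kristy and David's. It flags two things the scenario above produces on the wire: an IP address that appears from more than one hardware address (the spoofed frame carrying David's IP), and sequence numbers that stop continuing from the previous segment in the same direction (what the real David's traffic looks like once a third party has been sending in his name). The packet summaries, MAC addresses, IPs and sequence numbers are constructed sample data.

```python
from collections import defaultdict

# Constructed packet summaries: (timestamp, src_mac, src_ip, dst_ip, seq, payload_len).
# Two hosts exchange data normally, then segments arrive carrying the first host's
# IP address from a different MAC, and the real host's next segment is out of step.
SAMPLE_CAPTURE = [
    (1, "aa:aa:aa:aa:aa:01", "10.0.0.5", "10.0.0.9", 1000, 10),  # David -> Kristy
    (2, "aa:aa:aa:aa:aa:02", "10.0.0.9", "10.0.0.5", 5000, 10),  # Kristy -> David
    (3, "aa:aa:aa:aa:aa:01", "10.0.0.5", "10.0.0.9", 1010, 10),
    (4, "aa:aa:aa:aa:aa:02", "10.0.0.9", "10.0.0.5", 5010, 10),
    (5, "cc:cc:cc:cc:cc:99", "10.0.0.5", "10.0.0.9", 1020, 15),  # David's IP, unknown MAC
    (6, "cc:cc:cc:cc:cc:99", "10.0.0.5", "10.0.0.9", 1035, 5),
    (7, "aa:aa:aa:aa:aa:01", "10.0.0.5", "10.0.0.9", 1020, 10),  # real David, now stale SEQ
]


def ip_mac_conflicts(capture):
    """Return {src_ip: sorted MACs} for every source IP seen from more than one MAC."""
    seen = defaultdict(set)
    for _ts, mac, src_ip, _dst_ip, _seq, _ln in capture:
        seen[src_ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def sequence_anomalies(capture):
    """Return (ts, src_ip, expected_seq, observed_seq) for each segment whose SEQ
    neither continues from the previous segment in the same direction nor repeats
    it exactly (a plain retransmission repeats the last SEQ and is not reported)."""
    last = {}  # (src_ip, dst_ip) -> (last_seq, last_payload_len)
    anomalies = []
    for ts, _mac, src_ip, dst_ip, seq, ln in capture:
        key = (src_ip, dst_ip)
        if key in last:
            last_seq, last_len = last[key]
            expected = last_seq + last_len
            if seq != expected and seq != last_seq:
                anomalies.append((ts, src_ip, expected, seq))
        last[key] = (seq, ln)
    return anomalies


def analyze(capture):
    """Combine both indicators; an IP that trips both is the strongest signal."""
    conflicts = ip_mac_conflicts(capture)
    anomalies = sequence_anomalies(capture)
    anomaly_ips = {src_ip for _ts, src_ip, _exp, _obs in anomalies}
    return {
        "ip_mac_conflicts": conflicts,
        "sequence_anomalies": anomalies,
        "suspect_ips": sorted(set(conflicts) & anomaly_ips),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_CAPTURE)
    for ip, macs in report["ip_mac_conflicts"].items():
        print(f"{ip} seen from {len(macs)} MACs: {', '.join(macs)}")
    for ts, ip, expected, observed in report["sequence_anomalies"]:
        print(f"t={ts} {ip}: expected SEQ {expected}, observed {observed}")
    print("suspect IPs:", report["suspect_ips"])
```

Neither indicator is proof on its own: an IP legitimately shows up behind several MACs after a DHCP lease change or when the sensor sees traffic via more than one router, and sequence gaps also come from segments the sensor simply missed. The point of `analyze` is to report IPs that trip both checks within the same conversation.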
If session hijacking is a concern on a network, the administrator can implement a
protocol, such as IPSec or Kerberos, that requires mutual authentication between users
or systems. Because the attacker will not have the necessary credentials to authenticate
to a user, she cannot act as an imposter and hijack sessions.
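To show why mutual authentication closes this gap, here is an added example (not from the book excerpt or the blog) of a simplified shared-key challenge-response exchange: each side sends a fresh nonce and the other must return an HMAC over both names and both nonces, which only a holder of the key can compute. It is a stripped-down illustration of the principle, not an implementation of IPSec or Kerberos, and the key, names and message layout are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed demo key shared by the two legitimate parties.
SHARED_KEY = b"constructed-demo-key-kristy-david"


def _tag(key, *parts):
    # Length-prefix every field so the concatenation cannot be ambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Peer:
    def __init__(self, name, key):
        self.name = name.encode()
        self.key = key
        self.my_nonce = self.peer_name = self.peer_nonce = None

    def start(self):
        """Step 1 (initiator): send my name and a fresh challenge."""
        self.my_nonce = os.urandom(16)
        return self.name, self.my_nonce

    def answer(self, peer_name, peer_nonce):
        """Step 2 (responder): prove key knowledge over both nonces, add my own challenge."""
        self.peer_name, self.peer_nonce = peer_name, peer_nonce
        self.my_nonce = os.urandom(16)
        tag = _tag(self.key, self.name, peer_name, peer_nonce, self.my_nonce)
        return self.name, self.my_nonce, tag

    def check_answer(self, peer_name, peer_nonce, tag):
        """Step 3 (initiator): verify the responder, then return my own proof.
        Field order differs from step 2 so a tag cannot be reflected back."""
        expected = _tag(self.key, peer_name, self.name, self.my_nonce, peer_nonce)
        if not hmac.compare_digest(expected, tag):
            return None
        self.peer_name, self.peer_nonce = peer_name, peer_nonce
        return _tag(self.key, self.name, peer_name, peer_nonce, self.my_nonce)

    def check_proof(self, tag):
        """Step 4 (responder): verify the initiator's proof."""
        expected = _tag(self.key, self.peer_name, self.name, self.my_nonce, self.peer_nonce)
        return hmac.compare_digest(expected, tag)


def mutual_authenticate(initiator, responder):
    """Run the four-step exchange; True only if both sides verify each other."""
    name_a, nonce_a = initiator.start()
    name_b, nonce_b, tag_b = responder.answer(name_a, nonce_a)
    proof_a = initiator.check_answer(name_b, nonce_b, tag_b)
    if proof_a is None:
        return False
    return responder.check_proof(proof_a)


def replay_attempt(initiator, captured_answer):
    """Feed a previously recorded step-2 message into a new session.
    Returns True only if the initiator wrongly accepts it."""
    initiator.start()  # fresh nonce, so the old tag no longer matches
    return initiator.check_answer(*captured_answer) is not None


if __name__ == "__main__":
    kristy, david = Peer("Kristy", SHARED_KEY), Peer("David", SHARED_KEY)
    impostor = Peer("David", b"key-the-attacker-does-not-have")
    print("Kristy <-> David:", mutual_authenticate(kristy, david))       # True
    print("Kristy <-> impostor:", mutual_authenticate(kristy, impostor))  # False
```

The impostor can spoof David's name and address all she likes; without the key she cannot produce the tag in step 2, and because Kristy's nonce is fresh each time, recording a genuine answer from David and replaying it later fails as well.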

This article is from the “木鸟” blog; reprinting is not permitted.