TCP session hijacking
"TCP session hijacking" is a technique that involves intercepting a TCP session initiated between two machines in order to hijack it.
In that the authentication check is performed only when opening the session, a pirate who successfully launches this attack is able to take control of the connection throughout the duration of the session.
The initial hijacking method used involved using the source routing option of the IP protocol. This option made it possible to specify the path IP packets were to follow, using a series of IP addresses showing the routers to be used.
By exploiting this option, the pirate could indicate a return path for packets to a router under his control.
When source routing is disabled, which is the case nowadays for most equipment, a second method involves sending packets as "blind attacks", without receiving a response, by trying to predict sequence numbers.
Man in the middle
Also, when the pirate is on the same network thread as his two contacts, he can monitor the network and "quiet" one of the participants by crashing his machine or by flooding the network to take his place.
Secuestro de sesión TCP
Vol de session TCP (TCP session hijacking)
Dirottamento di sessione TCP (TCP session hijacking)
Roubo de sessão TCP (TCP sessão hijacking)
Latest update on October 16, 2008 at 09:43 AM by Jeff.