TCP session hijacking



"TCP session hijacking" is a technique that involves intercepting a TCP session initiated between two machines in order to hijack it.

Because authentication is checked only when the session is opened, an attacker who carries out this attack successfully can control the connection for the rest of the session.

Source routing

The original hijacking method relied on the source routing option of the IP protocol. This option made it possible to specify the path that IP packets were to follow, as a series of IP addresses identifying the routers to be used.

By exploiting this option, the attacker could specify a return path that sent packets to a router under his control.

Blind attack

When source routing is disabled, as it is on most equipment nowadays, a second method is the "blind attack": sending packets without receiving any response, by trying to predict sequence numbers.

Man in the middle

Finally, when the attacker is on the same network segment as the two parties, he can monitor the network and "silence" one of the participants, by crashing that participant's machine or by flooding the network, in order to take its place.


Jean-François Pillou


Latest update on October 16, 2008 at 09:43 AM by Jean-François Pillou.

This document, titled "TCP session hijacking," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (https://ccm.net/).