Irregular Expressions

Nov 18 2011   11:42PM GMT

TCP Session Hijacking

Dan O'Connor

Part of taking over a TCP session is knowing how it works, which is why I was previously talking about the TCP handshake.

To take over a session there are a few general steps that need to be done.

1. You need to know the ISN (initial sequence number); there are a few ways to do this.

  • Sit in between the two ends of the conversation, using some sort of sniffer to watch the traffic and learn the ISN.
  • Guess it, which is not as easy as it was before RFC 1948.
  • Use source routing, but that should be disabled.

2. Once you know the ISN, one way or the other, you need to take the session over. As the session is being taken over, the client that is being replaced needs to be knocked off the network so it cannot keep responding; typically this is done with some sort of DoS.
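As an added example (not code from the original post), the following Python models why the "guess" option got harder after RFC 1948: a toy stack that hands out ISNs from a shared counter sits beside one using the RFC 1948 construction, and a defender-side audit opens a few probe connections and checks whether the ISNs it receives differ by a constant. The generator classes, the probe addresses and the 64,000 step are constructed for illustration, not values from the post.

```python
import hashlib
import secrets

MODULUS = 1 << 32
COUNTER_STEP = 64_000  # constructed: old stacks bumped a shared counter by a fixed amount per connection


class CounterIsn:
    """Pre-RFC 1948 style: one global counter shared by every connection."""

    def __init__(self, start=0):
        self.counter = start

    def next_isn(self, local, remote):  # local/remote are (ip, port) tuples
        self.counter = (self.counter + COUNTER_STEP) % MODULUS
        return self.counter


class Rfc1948Isn:
    """ISN = M + F(local_ip, local_port, remote_ip, remote_port, secret).
    M still advances like the counter above, but each 4-tuple gets its own
    offset derived from a secret an off-path observer does not have."""

    def __init__(self, secret=None, start=0):
        self.secret = secret if secret is not None else secrets.token_bytes(16)
        self.m = start

    def _f(self, local, remote):
        data = f"{local[0]}:{local[1]}:{remote[0]}:{remote[1]}".encode() + self.secret
        return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

    def next_isn(self, local, remote):
        self.m = (self.m + COUNTER_STEP) % MODULUS
        return (self.m + self._f(local, remote)) % MODULUS


def isn_deltas(isns):
    """Differences between consecutive observed ISNs, modulo 2^32."""
    return [(b - a) % MODULUS for a, b in zip(isns, isns[1:])]


def isns_are_predictable(isns):
    """True when every consecutive ISN differs by the same amount, i.e. an
    observer who opens one connection can compute the ISN of the next one."""
    deltas = isn_deltas(isns)
    return bool(deltas) and len(set(deltas)) == 1


def probe(generator, server=("192.0.2.10", 23), probes=5):
    """Auditor's view: open several connections to the server from successive
    source ports (constructed addresses) and record the ISN it hands back."""
    return [generator.next_isn(server, ("198.51.100.7", 40000 + i)) for i in range(probes)]
```

Running `probe` against a real host would mean recording the server's ISN from each SYN/ACK; here the toy generators stand in for the stack so the audit runs offline.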

Back in the days of telnet this was mostly used to gain access to a target system: you could take over the session and then send the commands needed to set up a shell on the machine.

This type of attack is still useful against other things, such as HTTP sessions and other unencrypted traffic.
