Session Hijacking
An attacker takes a user offline and takes over the existing session.
  1. Passive - attacker hijacks a session, and records traffic intended for original user
  2. Active - attacker hijacks a session and interacts with the other system(s)
  3. Session Hijacking protocol
    1. Find a target
    2. Perform sequence prediction
      • Use nmap to determine the feasibility of this
      • use packet sniffer to get sequence numbers
    3. Find an active session
    4. Guess the sequence numbers
    5. take one of the parties offline
    6. take over the session
  4. Programs that perform hijacking
    1. Hunt
    2. TTY Watcher - free
    3. IP Watcher - commercial


Please mail any comments about this page to summers_wayne@ColumbusState.edu