There are two types of hijacking attacks:
- Active: In an active attack, an attacker finds an active session and takes over.
- Passive: With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.
Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack. The essential difference between an active and passive hijack is that while an active hijack takes over an existing session, a passive attack monitors an ongoing session.
Generally, a passive attack uses sniffers on the network, allowing the attacker to obtain information such as a user ID and password so that he can use them later to log on as that user and claim his privileges. Password sniffing is only the simplest attack that can be performed when raw access to a network is obtained. Countermeasures against this attack range from identification schemes such as one-time passwords (e.g. S/Key) to ticket-based identification (such as Kerberos). While these may keep sniffing from yielding any productive results, they do not protect the network against an active attack as long as the data is neither digitally signed nor encrypted.
In an active attack, the attacker takes over an existing session by either tearing down the connection on one side of the conversation or by actively participating by being the man-in-the-middle. These have been discussed at length under the discussion covering the various steps involved in a session hijack.
This requires the ability to predict the sequence number before the target can respond to the server. Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to obtain the next initial sequence number; newer mechanisms use a randomized value for the initial sequence number.
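As an added illustration (not code from the original post), the Python sketch below contrasts the two initial sequence number (ISN) schemes described above and shows a check that can be run over ISNs sampled from a host to tell whether it still uses the old constant-increment pattern. The class names, start value and step size are constructed for the example.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class LegacyISN:
    """Old scheme: each new ISN is the previous one plus a constant."""

    def __init__(self, start=1000, step=64000):  # constructed sample values
        self.isn = start
        self.step = step

    def next(self):
        self.isn = (self.isn + self.step) % MOD
        return self.isn


class RandomISN:
    """Newer scheme: every ISN is an independent random 32-bit value."""

    def next(self):
        return secrets.randbits(32)


def deltas(samples):
    """Differences between consecutive ISNs, computed modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(samples, samples[1:])]


def is_constant_increment(samples):
    """True when every consecutive pair differs by the same amount.

    At least three samples (two deltas) are needed before claiming a pattern.
    """
    d = deltas(samples)
    return len(d) >= 2 and len(set(d)) == 1


def audit(generator, count=8):
    """Sample `count` ISNs from a generator and classify the result."""
    samples = [generator.next() for _ in range(count)]
    if is_constant_increment(samples):
        return "predictable"
    return "not constant-increment"


if __name__ == "__main__":
    print("legacy:", audit(LegacyISN()))
    print("random:", audit(RandomISN()))
```

Because the deltas are taken modulo 2**32, the check still recognises the constant-increment pattern when the counter wraps around.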
 