yes! it is called "session hijacking" dsniff, hunt and so on.... these are tools 4 it check http://www.owasp.org/asac/auth-session/hijack.shtml
Mit freundlichen Gr��en/ sincerely yours Bernhard Fuchs Junior System-Engineer IT-Infrastruktur/IT-Sicherheit ITELLIUM Systems & Services GmbH F�rther Stra�e 205 90429 N�rnberg Tel.: +49-911-14-27321 Fax: +49-911-14-22016 mailto:[EMAIL PROTECTED] http://www.itellium.com This email is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this mail in error, please tell us immediately by return email and delete the document. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. The contents of this email are those of the individual and do not necessarily represent the views of the company. The company accepts no responsibility once an e-mail and any attachments is sent. -----Urspr�ngliche Nachricht----- Von: Pablo Gietz [mailto:[EMAIL PROTECTED]] Gesendet: Mittwoch, 13. November 2002 17:56 An: [EMAIL PROTECTED] Betreff: TCP vs UDP II Dear list: It's possible that a intruder could take active part of a TCP connection after this was established? In UPD I know this is true because is a connectionless protocol. But I have doubts about TCP. Thanks Pablo A. C. Gietz Jefe de Seguridad Inform�tica Nuevo Banco de Entre R�os S.A. Te.: 0343 - 4201351
