If an attacker can monitor the link between the client and server of a TCP session in real-time, and can inject packets "fast enough", he can still hijack a session, as the sequence numbers for the hijacked session will be directly observable. The counter to this level of attack is to encrypt, preferably at the IP layer (one can still encrypt at the TCP layer, preventing the hijacker from doing anything "useful", but the victim session is still disrupted -- DoS).
-----Original Message-----
From: SB CH [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 8:44 PM To: [EMAIL PROTECTED] Subject: session-hijacking is still available?
Hello, all.
if attacker can do session hijacking, he can know the seq number change, ack seq number change something like that. But I have heard that modern system like linux kernel 2.4.x or openbsd produce almost random seq number, so session hijacking is almost impossible thesedays.
is it true or not? anyone still can session hijacking using session hijacking program like hunt?
Thanks in advance.
_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
