Session hijacking relies, in part, on many of the prerequisites needed to successfully sniff a network. For instance, session hijacking attacks increase in complexity for external and switched networks. In other words, sitting on the local LAN (for example, as a disgruntled employee) is a much better strategic position for an attack than sitting outside … Read more
Network-level session hijacking is a hijacking method that focuses on exploiting a TCP/IP connection after initialization or authentication has occurred. There are some specific hijacking techniques that are in this category of attack. Some common ones we will discuss are TCP/IP hijacking, man-in-the-middle attacks, and UDP session hijacking. TCP/IP Session Hijacking TCP/IP session hijacking is … Read more
Session hijacking at the application level focuses on gaining access to a host by obtaining legitimate session IDs from the victim. Essentially, a session ID is an identifier that is applied to a user’s session that allows the server or web resource to identify the “conversation” it is having with the client. So, for example, … Read more
Session hijacking is synonymous with a stolen session, in which an attacker intercepts and takes over a legitimately established session between a user and a host. The user-host relationship can apply to access of any authenticated resource, such as a web server, Telnet session, or other TCP-based connection. Attackers place themselves between the user and … Read more
DoS attacks come in many flavors, each of which is critical to your understanding of the nature of the DoS attack class. Service Request Floods In this form of DoS attack, a service such as a web server or web application is flooded with requests until all resources are used up. This would be the … Read more
Over the last decade, some of the biggest security threats have come from the use of social networking. The rapid growth of these technologies lets millions of users each day post on Facebook, Twitter, and many other networks. What type of information are they posting? ■ Personal information ■ Photos ■ Location information ■ Friend … Read more
Sniffing tools are extremely common applications. A few interesting ones are: Wireshark One of the most widely known and used packet sniffers. Offers a tremendous number of features designed to assist in the dissection and analysis of traffic. TCPdump A well-known command-line packet analyzer. Provides the ability to intercept and observe TCP/IP and other packets … Read more
When you are working with Trojans and other malware, you need to be aware of covert and overt channels. As mentioned earlier in the chapter , the difference between the two is that an overt channel is put in place by design and represents the legitimate or intended way for the system or process to … Read more
A wide range of tools exist that are used to take control of a victim’s system and leave behind a gift in the form of a backdoor. This is not an exhaustive list, and newer versions of many of these are released regularly: let me rule—A remote access Trojan authored entirely in Delphi. It uses … Read more
A Trojan can be detected in many ways. Port scanning, which can prove very effective if you know what to look for. Because a Trojan is used to allow access through backdoors or covert channels, a port must be opened to allow this communication. A port scan using a tool such as Nmap reveals these … Read more