Session Hijacking


Session hijacking can be rather complex to perform. For that reason, it is not a very common form
of attack. Simply put, the attacker monitors an authenticated session between the client machine and
the server and takes that session over. We will explore specific methods of how this is done later in
this book.

A 1985 paper by Robert T. Morris titled “A Weakness in the 4.2BSD Unix TCP/IP Software” described the original session hijacking attack. In addition to flags (SYN, ACK, SYN-ACK), a TCP packet header carries the sequence number that the client uses to reassemble the data sent over the stream in the correct order. By predicting the initial sequence number, Morris was able to spoof the identity of a trusted client to a server. This is much harder to do today. If you are unfamiliar with network packet flags, we will be exploring that topic in Chapter 2, “Networks and the Internet.”

The Morris attack and several other session hijacking attacks require the attacker to be connected to the network and to simultaneously knock the legitimate user offline and then pretend to be that user. As you can probably imagine, it is a complex attack.
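To make the sequence-number-prediction point concrete, here is an added simulation (not code from the book) that compares an initial sequence number (ISN) counter modelled on the 4.2BSD scheme Morris analyzed, using the increments reported in the literature for that stack (128 per second, 64 per connection), against the randomized ISNs that modern TCP stacks use (RFC 6528). It shows why an observer who learns one legacy ISN can predict the next, and why the same guess fails against a randomized generator.

```python
import secrets

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around

# Increments reported for 4.2BSD by Morris (1985) and Bellovin (1989).
BSD42_PER_SECOND = 128
BSD42_PER_CONNECTION = 64


class LegacyIsn:
    """Constructed model of the 4.2BSD ISN counter: a global counter that
    advances 128 per second and 64 for every connection opened."""

    def __init__(self, start: int = 0) -> None:
        self.start = start
        self.connections = 0

    def isn(self, t: int) -> int:
        value = (self.start + BSD42_PER_SECOND * t
                 + BSD42_PER_CONNECTION * self.connections) & MASK
        self.connections += 1
        return value


class RandomIsn:
    """Model of a modern stack: each connection gets an unpredictable ISN
    (RFC 6528 derives it from a clock plus a keyed hash of the 4-tuple;
    a CSPRNG is used here as a stand-in for the unpredictable part)."""

    def isn(self, t: int) -> int:
        return secrets.randbelow(1 << 32)


def predict_next(observed_isn: int, dt: int) -> int:
    """An observer who learned one ISN guesses the ISN the stack will hand
    to the very next connection dt seconds later under the legacy rule."""
    return (observed_isn + BSD42_PER_CONNECTION + BSD42_PER_SECOND * dt) & MASK


def prediction_succeeds(gen, t0: int, dt: int) -> bool:
    """Learn one ISN at time t0, then check the guess for the next one."""
    observed = gen.isn(t0)
    guess = predict_next(observed, dt)
    actual = gen.isn(t0 + dt)
    return guess == actual


if __name__ == "__main__":
    # Legacy counter: prediction is exact. Randomized: the guess fails.
    print("4.2BSD-style ISN predicted:", prediction_succeeds(LegacyIsn(0x1000), 100, 3))
    print("randomized ISN predicted:  ", prediction_succeeds(RandomIsn(), 100, 3))
```

The legacy check succeeds for any start value and any delay, which is exactly the weakness Morris exploited; randomizing the ISN reduces the guess to a 1-in-2^32 chance per attempt, which is why the attack is so much harder against current stacks.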
