Network-based
Session Hijacking
¨Attack based on sniffing and spoofing
¨Occurs when attacker steals user session such as telent, rlogin, or FTP.
–Innocent user thinks that his session was lost, not
stolen
¨Attacker sits on a network segment where traffic between victim and server can be seen
¨Attacker injects spoofed packets contain source IP address of victim with proper TCP sequence numbers
¨If hijack is successful, server will obey all commands sent by attacker.
¨May cause ACK storm between victim and server when victim tries to resynchronize its sequence number