Session Hijacking with Hunt
• Runs on the Linux platform
• Allows an attacker to see many sessions going across the network and to hijack a particular session
• An ACK storm may occur after the attacker injects one or two commands
• The ACK storm can be prevented by running Hunt in a mode that supports ARP spoofing
– Don’t want victim’s packets to be seen by server and vice versa
– Attacker sends bogus ARP replies to both victim and server to poison their ARP tables
• Attacker sees traffic sent by victim and server
• Hunt can resynchronize the connection so the session can be returned to the victim
– Message is sent to victim to type a certain number of keys to increment victim’s sequence number
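
Seen from the defender's side, the ARP poisoning step above leaves a recognizable trace: the victim's and the server's IP addresses both become bound to one new MAC address. The following detection sketch is an added example, not part of the original slides or of Hunt; the addresses are constructed, the function name is hypothetical, and it assumes the first binding observed for each IP is the legitimate one.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (timestamp, sender_ip, sender_mac).
# All addresses are made up for illustration.
SAMPLE_REPLIES = [
    (0.0, "10.0.0.5", "00:11:22:33:44:55"),   # victim's original binding
    (0.5, "10.0.0.9", "66:77:88:99:aa:bb"),   # server's original binding
    (3.0, "10.0.0.9", "de:ad:be:ef:00:01"),   # server IP now claimed by a new MAC
    (3.1, "10.0.0.5", "de:ad:be:ef:00:01"),   # victim IP claimed by the same MAC
    (4.0, "10.0.0.7", "02:00:00:00:00:07"),   # unrelated host, consistent
]

def find_arp_poisoning(replies):
    """Flag IP-to-MAC bindings that change and MACs that claim several IPs.

    Assumption: the first MAC seen for an IP is trusted. Hosts that
    legitimately answer for several IPs (routers doing proxy ARP, for
    example) need an allow-list in a real deployment.
    """
    first_seen = {}                 # ip -> first MAC observed for it
    ips_by_mac = defaultdict(set)   # mac -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            alerts.append(("binding_changed", ts, ip, known, mac))
        ips_by_mac[mac].add(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_poisoning(SAMPLE_REPLIES):
        print(alert)
```
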