Session Hijacking with Hunt
¨Runs on Linux
platform
¨Allows attacker to
see many sessions going across the network and to
hijack a particular session
¨ACK storm may occurs
after attacker injects one or two commands
¨ACK storm can be
prevented running Hunt in a mode supporting ARP
spoofing
–Don’t want victim’s
packets to be seen by server and visa versa
–Attacker sends bogus
ARP replies to both victim and server to poison
their ARP tables
¨Attacker sees
traffic sent by victim and server
¨Hunt can
resynchronize the connection so session can be returned to victim
–Message is sent to victim to type certain number of keys to increment victim’s sequence number