Keshav tiwari 20803001_TCP Session Hijacking.pptx

keshavjhansi 4 views 15 slides Sep 13, 2024

About This Presentation

TCP session


Slide Content

Presentation on TCP Session Hijacking
Keshav Kumar Tiwari
PhD (Part time) | CSE | NIT Jalandhar
Network Security CS-554
Roll No 20803001
11/29/2021

Introduction
Session hijacking is a special case of TCP/IP spoofing, and the hijacking is much easier than sequence number spoofing. An intruder monitors a session between two communicating hosts and injects traffic that appears to come from one of those hosts, effectively stealing the session from one of the hosts. The legitimate host is dropped from the connection and the intruder continues the session with the same access privileges as the legitimate host.

TCP HEADER

3 WAY HANDSHAKE
[Figure: handshake between Bob and the server. Bob to server: SYN=1, seq=400. Server to Bob: SYN=1, seq=1000, ACK=1, ack num=401. Bob to server: ACK=1, ack num=1001.]

CONT...
01 SYN: In the first step, the client wants to establish a connection with a server, so it sends a segment with SYN (Synchronize Sequence Number), which informs the server that the client intends to start communication and which sequence number its segments will start with.
02 SYN/ACK: The server responds to the client request with the SYN and ACK bits set. The acknowledgment (ACK) signifies the response to the segment it received, and SYN signifies which sequence number the server's segments will start with.
03 ACK: In the final part, the client acknowledges the response of the server, and they both establish a reliable connection over which they will start the actual data transfer.

WHAT IS TCP SESSION HIJACKING
With TCP session hijacking, the attacker takes over an already-authenticated host as it communicates with the target. TCP session hijacking is different from IP spoofing, in which you spoof an IP address or MAC address of another host. With IP spoofing, you still need to authenticate to the target. TCP session hijacking is the attempt to take over an already active session between two hosts.

CONT...
To effectively hijack a TCP session, you must accurately predict the sequence numbers that are being used between the target and host. Sequence numbers are a 32-bit field in the TCP header. Therefore, they range from 1 to 4,294,967,295. Every byte is sequenced, but only the sequence number of the first byte in the segment is put in the TCP header. In TCP-based applications, sequence numbers tell the receiving machine which order to put the packets in if they are received out of order.

SESSION HIJACKING IMPLEMENTATION
TCP guarantees delivery of data, and also guarantees that packets will be delivered in the same order in which they were sent. In order to guarantee that packets are delivered in the right order, TCP uses acknowledgement (ACK) packets and sequence numbers to create a "full duplex reliable stream connection between two endpoints", with the endpoints referring to the communicating hosts. The connection between the client and the server begins with a 3-way handshake.

CONT...
After the handshake, it is just a matter of sending packets and incrementing the sequence number to verify that the packets are getting sent and received. The goal of the TCP session hijacker is to create a state where the client and server are unable to exchange data, enabling him/her to forge acceptable packets for both ends, which mimic the real packets. Thus, the attacker is able to gain control of the session.

CONT...
IP Spoofing: IP spoofing is a technique used to gain unauthorized access to computers, in which the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted host.
Man in the Middle Attack: The attacker tries to get the session ID by doing ARP spoofing and a man in the middle attack.

CONT...
Blind Hijacking: In cases where source routing is disabled, the session hijacker can also use blind hijacking where he injects his malicious data into intercepted communications in the TCP session. It is called blind because he cannot see the response; though the hijacker can send the data or commands, he is basically guessing the responses of the client and server.


Defending Against Session Hijacking
Making it difficult for attackers to spoof packets:
  Randomize source port number
  Randomize initial sequence number
  Not effective against local attacks
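The sequence-number rules in the slides above (a SYN uses one number, every data byte is sequenced) also give a defender a passive check: once a forged segment is accepted, the legitimate host's next segment reuses the same sequence number with different bytes. The sketch below is an added example, not part of the original slides; the function name, the tuple layout and the trace are constructed for illustration, with the handshake numbers taken from the 3-way handshake slide.

```python
MOD = 2 ** 32  # sequence numbers are a 32-bit field, so arithmetic wraps

def find_conflicts(segments):
    """Follow one TCP connection the way a passive sensor would.

    segments: list of (claimed_src, flags, seq, payload) in capture order.
    Returns (index, reason) for each data segment that does not fit the stream.
    """
    next_seq = {}  # claimed_src -> sequence number expected next from that side
    seen = {}      # (claimed_src, seq) -> payload first observed at that seq
    findings = []
    for i, (src, flags, seq, payload) in enumerate(segments):
        if "SYN" in flags:
            next_seq[src] = (seq + 1) % MOD  # a SYN consumes one sequence number
            continue
        if not payload:
            continue  # a pure ACK carries no sequenced bytes
        key = (src, seq)
        if key in seen:
            # Identical bytes are an ordinary retransmission. Different bytes
            # mean two senders are writing into one stream; the sensor cannot
            # tell which of the two is the forged one.
            if seen[key] != payload:
                findings.append((i, "conflicting data for seq %d" % seq))
            continue
        seen[key] = payload
        if seq == next_seq.get(src):
            next_seq[src] = (seq + len(payload)) % MOD  # one number per byte
        else:
            findings.append((i, "out-of-sequence data at seq %d" % seq))
    return findings

# Constructed trace (not a real capture).
TRACE = [
    ("client", {"SYN"}, 400, b""),
    ("server", {"SYN", "ACK"}, 1000, b""),
    ("client", {"ACK"}, 401, b""),
    ("client", {"ACK"}, 401, b"hello"),   # client stream advances to 406
    ("server", {"ACK"}, 1001, b"ok"),
    ("client", {"ACK"}, 406, b"FORGED"),  # third party claiming the client address
    ("client", {"ACK"}, 406, b"status"),  # real client reuses seq 406
    ("client", {"ACK"}, 401, b"hello"),   # identical retransmission, not flagged
]

if __name__ == "__main__":
    for index, reason in find_conflicts(TRACE):
        print(index, reason)
```

A sensor placed on the path sees both the forged and the genuine segment, so the check does not depend on the randomization defenses listed above.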

Do you have any questions? Thank you!