Compare packet sniffing and packet spoofing. Explain session hijacking attack.

406views

written 8.0 years ago by

teamques10 ★ 68k

Packet sniffing(snooping)	Packet spoofing
Packet sniffing refers to listening to other’s conversation.	Packet spoofing refers to actively introducing fake network traffic pretending to be someone else.
It is a passive attack (i.e. attacker cannot cause any kind of damage)	It is an active attack (i.e. attacker can insert malicious program to infect the other system)
Packet sniffing is usually done by gaining access to a computer/device through which the traffic flows (e.g. router or admin-PC)	Packet spoofing is done by sending packets with incorrect source address. The receiver the sends reply to this forged(spoofed) address. (Modifying routing tables)
Encryption is the best method to tackle sniffing	Digital signatures is a good method to tackle spoofing

Session hijacking is when an attacker gets access to the session state of a particular user.
The attacker is able to steal/obtain a valid session ID with which he gets access to the system and can snoop the data.
Packet spoofing and hijacking are not the same.In spoofing attack, the attacker does not actively take another user offline to perform the attack. He pretends to be another user or machine to gain access.
In session hijacking an attacker takes over an existing session, which means he relies on the legitimate user to make a connection and authenticate. Subsequently the attacker takes over the session.
There are two types of Session Hijacking:
- Active: The attacker finds an active session and takes over.
- Passive: An attacker hijacks a session; but sits back and keeps on recording the session data-flow.
Session hijacking takes place at two levels:
- Network Level: Interception of transmission between clients and server in a TCP and UDP session.
- Application Level: gaining control on the user session by obtaining the session ID.
Steps involved in Session Hijacking:
- Place yourself(attacker) between the victim and the target. (The attacker must be able to sniff the network)
- Monitor the flow of packets.
- Predict the sequence numbers
- Kill the connection to victim’s machine.
- Take over the session
- Start injecting packets to target server.
Network level Hijack: This form of hijack is very attractive to hijackers as it provides some critical information to the hijacker. Some form of attack here includes TCP/IP hijacking, RST Hijacking , Blind Hijacking.

TCP/IP Hijack	RST hijacking	Blind hijack
Uses spoofed packets to take control of victim’s system.To launch a TCP/IP attack, the hacker must be in same network.The victim & target machine can be anywhere	RST hijacking involves injecting an authentic-looking reset (RST) packet.The victim will believe that source actually sent the resent packet and reset’s connection.	Hacker sends malicious codes and commands but has got no access to see the response of his actions.

Tools for session Hijackin: Wireshark, Juggernaut, Hunt, TTY Watcher
Prevention of session hijacking can be done by encryption, secure connections, anti-virus softwares.

ADD COMMENT EDIT