I believe you meant 'hijacking'. Then you take control
of an existing connection.
Mainly used with any TCP connection but could be done
with almost any transport protocol.
A couple of ways to do it:
- sniff the existing traffic, and send your own message with IP
spoofing, good flags and sequence numbers (you obviously see the replies)
- guess the state of the existing connection (in the case of TCP,
guess the sequence numbers) and send your own messages (you will
not see the replies)
Prevention:
- authentication of each packet, e.g., IPSec or application layer
or SSL
- prevent the state guessing by using a really good TCP/IP stack (AIX,
Solaris with the right config) or a firewall which adds entropy to the
sequence numbers
Hope this helps
-eric
At 19:00 03/06/1999 -0700, Ben Keepper wrote:
>
>----- Original Message -----
>From: Ben Keepper <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, June 02, 1999 6:54 PM
>Subject: 'Snarfing'
>
>
>> "Snarfing"
>>
>> Not sure if this is the correct term, but I've heard it several times of
>> late. It seems to refer to the ability to take control of a session from
>> someone else and essentially spoof their identity.
>>
>> How do "attackers" monitor these sessions and what tools do they use to
>> monitor and take control?
>>
>> Is this "attack" a danger only to certain protocols?
>>
>> What are the defenses against this attack?
>>
>> Any discussion is appreciated.
>>
>> Ben
>>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
Eric Vyncke
Consulting Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: [EMAIL PROTECTED] Mobile: +32-75-312.458
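
Added example, not part of the original message: a Python illustration of the second prevention point above, comparing a constructed fixed-step ISN generator with the keyed layout of RFC 6528 (ISN = M + F(4-tuple, secret)) and measuring how predictable each looks to someone sampling it. The addresses, secret, step size and the use of HMAC-SHA256 as F are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

MASK32 = 0xFFFFFFFF

def legacy_isn(base, conn_index, step=64000):
    """Constructed weak generator: one global counter, fixed step per connection."""
    return (base + conn_index * step) & MASK32

def keyed_isn(secret, local_ip, local_port, remote_ip, remote_port, now_us):
    """ISN = M + F(4-tuple, secret), the layout of RFC 6528.
    M is a 4-microsecond timer; HMAC-SHA256 stands in for the PRF F (assumption)."""
    conn_id = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
               + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
    f = int.from_bytes(hmac.new(secret, conn_id, hashlib.sha256).digest()[:4], "big")
    return ((now_us // 4) + f) & MASK32

def distinct_deltas(isns):
    """Count distinct gaps between successive ISNs; 1 means the next one is a given."""
    return len({(b - a) & MASK32 for a, b in zip(isns, isns[1:])})

def sample_legacy(n=8):
    # Constructed observation: ISNs handed to n successive connections.
    return [legacy_isn(1_000_000, i) for i in range(n)]

def sample_keyed(n=8, secret=b"constructed-demo-secret"):
    # Constructed observation: n connections from different remote ports,
    # one every 10 ms, to the same listener (documentation addresses).
    return [keyed_isn(secret, "198.51.100.5", 80, "192.0.2.10", 40000 + i,
                      1_000_000 + i * 10_000) for i in range(n)]

if __name__ == "__main__":
    print("legacy distinct deltas:", distinct_deltas(sample_legacy()))
    print("keyed  distinct deltas:", distinct_deltas(sample_keyed()))
```

A delta count of 1 across sampled connections means the stack's next ISN follows directly from the last one. With the keyed scheme the offset differs per 4-tuple, while the ISN space of any single 4-tuple still advances with the clock.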