Samuel, a professional hacker, monitored and intercepted already-established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

Option 1: TCP/IP hijacking
Option 2: UDP hijacking
Option 3: Forbidden attack
Option 4: Blind hijacking

1. TCP/IP hijacking

A TCP/IP hijack is an attack that fools a server into thinking it is talking with a legitimate client, when it is actually communicating with an attacker who has taken over (hijacked) the TCP session. Suppose the client has administrator-level privileges; the attacker wants to steal that authority in order to create a new account with root-level access on the server for later use. A TCP hijack is essentially a two-phased man-in-the-middle attack. The man-in-the-middle attacker sits on the path between a client and a server in order to work out which port and sequence numbers are being used for the conversation.

First, the attacker knocks the client out with an attack such as Ping of Death, or ties it up with some kind of ICMP storm. This renders the client unable to transmit any packets to the server. Then, with the client down, the attacker assumes the client's identity in order to talk with the server. By this means, the attacker gains administrator-level access to the server.
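The hijack in the question only works because Samuel could predict the host's ISN from a few observed connections. The following Python is an added example, not code from the original post: a defender-side check in the spirit of a TCP ISN sequence-predictability test. It takes ISNs observed from a peer's consecutive connections (the samples here are constructed) and classifies whether the next one could be guessed; a "linear" or "weak" result indicates a stack whose sequence-number generation needs fixing (modern stacks randomise ISNs per RFC 6528).

```python
"""Defender-side check: are a peer's TCP Initial Sequence Numbers (ISNs)
predictable?  Added example, not code from the original post; the ISN
samples below are constructed for illustration."""
from statistics import pstdev

MOD = 2 ** 32          # sequence numbers are 32-bit and wrap around
WEAK_SPREAD = 2 ** 16  # deltas varying less than this leave a guessable window


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def classify_isn(isns):
    """Classify the ISN generator as 'constant', 'linear', 'weak' or 'random'.

    'constant': every connection starts at the same ISN.
    'linear'  : fixed increment per connection (classic 64000-per-connection
                style), so the next ISN is exactly last + delta.
    'weak'    : increments jitter only slightly, so the next ISN lies in a
                narrow window an observer of a few connections can cover.
    'random'  : deltas spread across the 32-bit space.
    """
    if len(isns) < 4:
        raise ValueError("need at least four ISN samples")
    if len(set(isns)) == 1:
        return "constant"
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "linear"
    return "weak" if pstdev(deltas) < WEAK_SPREAD else "random"


def predicted_next(isns):
    """Best guess for the next ISN, assuming the mean increment continues."""
    deltas = isn_deltas(isns)
    mean_delta = round(sum(deltas) / len(deltas))
    return (isns[-1] + mean_delta) % MOD


# Constructed samples (not real captures): a legacy stack adding 64000 per
# connection, one with slight jitter, and a stack with randomised ISNs.
LEGACY_ISNS = [0x1000 + 64000 * i for i in range(5)]
JITTER_ISNS = [1000, 65010, 128990, 193020, 256980]
RANDOM_ISNS = [0x9F2C1E44, 0x1A7B0C90, 0xE3D55A21, 0x4C08F7B3, 0x7E91BB0E]

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_ISNS), ("jitter", JITTER_ISNS),
                         ("random", RANDOM_ISNS)):
        print(f"{name}: {classify_isn(sample)}, next guess {predicted_next(sample):#010x}")
```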

One of the most effective means of preventing a hijack attack is to require a secret, that is, a shared secret between the client and the server. Depending on the strength of security desired, the secret may be used for random exchanges, where a client and server periodically challenge each other, or it can be used with every exchange, as in Kerberos.

2. UDP hijacking

UDP does not maintain state the way TCP does, so there is no session to hijack in the strict sense. Because of this it is not possible to verify the identity of the sender of a UDP packet.

Since UDP does not use packet sequencing and synchronisation, it is easier to hijack a UDP session than a TCP one. The hijacker merely has to forge a server reply to a client UDP request before the server responds. If sniffing is used it is easier to manage the traffic coming from the server side and thereby stop the server's reply from reaching the client in the first place.

3. Forbidden attack

A number of supposedly secure HTTPS sites owned by Visa are vulnerable to what has been dubbed the 'forbidden attack'. The security flaw makes it possible for hackers to inject content and code into sites, as well as opening up the possibility of performing man-in-the-middle attacks.

A team of researchers has published a paper showing that 70,000 HTTPS servers were vulnerable to the attack, and 184 were found to be particularly at risk. While many of the affected sites have since been patched, sites belonging to Visa and the Polish banking association Związek Banków Polskich remain insecure because they reuse a cryptographic nonce in contravention of the TLS protocol (hence the 'forbidden' tag).

Reusing the same nonce more than once during encryption makes it possible for an attacker to calculate the required key and compromise the site. As explained by Ars Technica, reusing a nonce during a TLS handshake would allow a connection not only to be monitored but also interfered with. Researchers were able to exploit the vulnerability to attack HTTPS-protected sites. Ars says: "Attackers who are able to bypass the protection could add malicious JavaScript code or possibly add web fields that prompt a visitor to reveal passwords, Social Security numbers, or other sensitive data".

In order to perform a successful attack on a number of the 70,000 sites identified, it would be necessary to flood a connection with terabytes of data, which makes it quite unlikely. But a security risk is a security risk, and the source of the vulnerability is particularly concerning.

4. Blind hijacking

A type of session hijacking in which the cybercriminal does not see the target host's response to the transmitted requests. The attacker, being in a man-in-the-middle position, can only introduce malicious injections into the victim's data packets, blindly guessing their sequence numbers and without receiving confirmation of success. Nevertheless, blind hijacking can be used, for example, to send a command to change or reset a password.

This Blog Article is posted by Infosavvy.