Basic HTML version of Foils prepared July 6 99

Foil 85 Session Hijacking (1)

From Security Infrastructure fo Electronic Commerce and Internet CPS714 Computational Science Information Track -- June 2 and June 7 99. by Roman Markowski
Allows an attacker to steal, share, terminate, monitor and log any terminal session that is in progress
Session stolen across the network
bypass all forms of strong authentication
HUNT, session hijacking tool written in November 1998: http://www.rootshell.com allows insertion of commands or takeover of session
What can be hijacked: telnet, rlogin, rsh, ftp

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Tue Jul 6 1999