Session hijacking scenario:
-
A telnets to B to get some work done
-
Attacker resets connection to A
-
Attacker kicks off A and takes over the session to B. The logs will show that A made all changes
|
Other tools: Juggernout, TTYWatcher, IPWatcher
|
Defenses: use strong authentication (SSH), do not telnet to critical computers
|