The session hijacking process normally involves five steps: (200wrd)
- Sniffing the traffic between the target computer and the server.
- Monitoring traffic with the goal of predicting the packet sequence numbers.
- Desynchronizing the current session.
- Predicting the session ID and taking over the session.
- Injecting commands targeted at the server.
Discuss which of these steps you believe represent the most difficult technical challenges and explain the methods or approaches you might employ to overcome the challenges.
Part 2 answer 2 classmates no more than (100wrd) per classmate
The step that I believe would be most difficult in the session hijacking process would be predicting the session ID for a number of reasons. There are a number of methods you could use to try and predict the session ID however there are many defenses out there to try and prevent the session ID from being predicted. One method an attacker could use is to try and predict a session id is by gathering information from previously captured sessions however this is only effective if the id’s being used follow a set pattern. Another method is to try a brute force attack however if the session id is long enough then doing a brute force attack becomes very difficult, a session ID length of 128 bits is the minimum recommendation to help prevent brute force attacks. A good CSPRNG (Cryptographically Secure Pseudorandom Number Generator) can be used to generate random session ID’s which makes guessing the pattern of them virtually impossible as well. If all the guidlines and recommendations are followed it can be very difficult to decode a session ID however there are still places that use weak session ID’s and leave themselves vulnerable.
Morning Professor and Classmates,
The most difficult technical challenge in session hijacking is monitoring traffic to predict packet sequence numbers. To passively sniff network traffic and read the packet sequence number, an attacker should see both the sender and the receiver. However, passive sniffing is difficult in switched networks because one of the parties cannot be seen. In this case, a prediction scheme should be employed to correctly guess the sequence number.
The prediction scheme relies on sending multiple packets to a target to build a dataset. Since user sessions expire, it is difficult to build a dataset and run a prediction scheme before a session expires. Predicting a sequence number is also a difficult task because it is a 32-bit counter and there are over 4 billion possible combinations. As such, the prediction scheme requires a considerable amount of time and a high processing capability to deliver accurate results. Finally, most modern operating systems use randomly generated sequence numbers, which cannot be mathematically modeled. These issues need to be addressed to successfully monitor traffic to predict the packet sequence numbers.
Computers cannot generate truly random numbers because there is always an algorithm, which is used to perform the task. As such, advanced methods can be used to predict random numbers. For instance, an artificial intelligence algorithm such as a neural network can be used to identify the outputs of pseudo-random generators. To ensure that there is sufficient time for monitoring and predicting the sequence number, a denial of service (DoS) attack could be used. The goal of launching DoS is to prevent the actual target from sending packets. Consequently, an attacker can send multiple fake packets to build an effective neural network model for predicting the packet sequence number.