In: Categories » Computers and technology » Data security » How to protect against Spoofing and Session Hijacking
| Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. However, the purpose is generally the same: to disguise the location from which the attack originates. Session hijacking takes the act of spoofing one step further. It involves the faking of one's identity in order to take over a connection that is already established. Because spoofing is required in order to successfully hijack a connection, we will discuss the two hacking techniques together. The most common spoofing attack is called an IP spoof. This type of attack takes advantage of the Internet Protocol, which is part of TCP/IP. TCP/IP requires a return address on data packets to keep a connection open and to maintain a level of reliability when transmitting information. However, if this return address is faked, the sender is fairly safe from being traced. An Example of SpoofingSpoofing has two main uses. The first use is an untraceable denial-of-service attack. By intimately understanding the internal workings of TCP/IP, a hacker can abuse the software used in Internet communication and bring a network to its knees. Flooding a network with packets that have a fake return address not only will slow the flooded network, but will also affect the computer that owns the forged return address. This is like sending out a thousand pieces of insulting mail to your boss while using the return address of your annoying neighbor (not recommended). This type of spoofing attack is very common on the Internet. One of the most common uses for spoofing is spam. Spam is unsolicited, bulk advertising email that plagues us all. Although spam is illegal in some states, and very rude in all the others, spammers are getting away with it. The reason they can do this is because the origin of the spammer remains hidden. Spammers use a spoofing technique to disguise the source of the email. They can do this by using email servers that allow anyone to connect and send mail. This is known as open relay. Many of these servers are misconfigured; however, some servers are available for just this purpose. By sending the email through the server, the email is tagged with the wrong return address, which makes it difficult to track down and prosecute the responsible parties. Another common abuse of spoofing is in a denial-of-service (DoS) attack. This type of attack is very similar to the child's game of "knock and hide." A computer virtually knocks on another computer's door and then hides. Using amplification, the target computer can be kept so busy answering false knocks that a real knock will go unanswered. Although spoofing can protect a hacker from being traced, there are yet more sinister uses for this technique, such as session hijacking. This type of attack can be understood through the illustration of a letter exchange between two friends on the opposite sides of the world. Let's call these people Sally and Joe, and let's call our attacker Mr. Mean. Assuming the letter exchange was previously in place before the attacker noticed it, both Sally and Joe would know each other's address and have it stored away in their address book. The attacker knows this, and realizes that in order to capture and control the conversation, he must gain control of the addresses. The first step to session hijacking is to discover the original addresses of both parties. In this case, it is a simple matter—Mr. Mean can look up both Sally and Joe's address in the phone book. The same applies in the digital world. An attacker would have to know both IP addresses and MAC addresses in order to attack. However, coming by this knowledge is often a simple matter, as it is typically public knowledge. Just as Mr. Mean would use a phone book to look up the addresses of his victims, a hacker would use the WHOIS service to look up the addresses of the computers online. This database is nothing more than a listing of all domain names with their corresponding IP addresses. The next step would be to convince both Sally and Joe that the other had moved. This would be a relatively simple matter for Mr. Mean. All he would have to do is pick up some standard change of address forms from a card shop and mail them to both Sally and Joe. On the form, he would simply tell each party that their new address was 123 Lane Street. This would result in both Sally and Joe updating their address books with the new, fake address. Because of the formality of the form, neither Sally nor Joe would suspect anything. However, in reality, they would now be sending all messages directly to Mr. Mean's house. Likewise, a hacker can perform such trickery. Using something known as an ARP request, the attacker would send his targets the same message telling them that the new IP address (tied to MAC address) is now located at XXX.XXX.XXX.XXX. This would result in each computer updating its ARP tables (address book) with the new address, which would cause all data to be passed to the attacker's computer. At this point, Mr. Mean has all the mail messages arriving at his doorstep. He can now read, change, or even throw away any messages sent by Sally or Joe. This is the power of session hijacking. A computer can do the same thing. After the ARP addresses have been changed, the attacker's computer would receive all data being passed between the targets. The hacker can capture, adjust, and delete data just like Mr. Mean. If Mr. Mean wants to stop monitoring the connection, he can simply ignore all the messages. However, this might lead Sally or Joe to discover that their messages have been compromised. The smartest thing Mr. Mean can do is send out another moving notice to both Sally and Joe informing each other of the correct address. Again, Sally and Joe would update their address books and continue as if nothing happened. The same would apply for a hacker. Although she could just turn off her computer and leave the area, this would result in a loss of communication, and could tip someone off that the connection was not secure. If this is not an acceptable risk for a hacker, she can simply forge ARP packets and correct the ARP table for the victim's computers. There are many uses for these types of spoofing techniques. For example, secure links between a home computer and a Web store can be hijacked, chat connections can be hijacked, and even updates and downloads for popular programs can be spoofed. In other words, that virus update you just downloaded might not be what you think it is—instead of getting an update to your virus scanner, you could instead be installing a deadly computer virus.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other example...
2. The Most Common Network Security Tools and Technologies
The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks. Howev...
3. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...
4. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....
5. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...
6. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...
7. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...
8. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...