Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Session Hijacking

from [Angel L Rivera] Network Security [Permanent Link]
Subject: RE: Session Hijacking
Date: Mon, 7 Mar 2005 09:18:44 -0500 
Not quite - a little arp poisoning and spoofed mac address would defeat this
control - it does make it harder but not impossible.  An IPS might detect
the arp poisoning attempt but you would need to have sensor on each switch. 

-----Original Message-----
From: Dragos Ruiu [mailto:dr@kyx.net] 
Sent: Saturday, March 05, 2005 11:23 PM
To: Mike Frantzen; Terry Ray
Cc: focus-ids@lists.securityfocus.com
Subject: Re: Session Hijacking

On March 2, 2005 11:07 pm, Mike Frantzen wrote:

Question, I am learning about session hijacking, and I was wondering
if an IPS has the capabilities to detect and prevent this type of
attack? If so how exactly would the IPS prevent a session hijacking?


It's pretty much impossible to prevent full-knowledge session hijacking
when the hijacker is on a local network with who he is hijacking.  You
pretty much have to be their switch.


It's an administrative hassle... but locking down mac addresses to switch 
physical ports _is_ a good idea... and raises the bar on hijacking.

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada       May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Building an IDS security policy, Stephane
Next by Date:  How to choose an IDS/FW MSS provider, Stephane
Previous by Thread:  Re: Session Hijacking, Dragos Ruiu
Next by Thread:  Re: Session Hijacking, Dragos Ruiu
Indexes:  [Date] [Thread] [Top] [All Lists]