Hassan
-A Brief
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
©
SA
NS
In
sti
tu
te
20
00
-2
00
Author: Submitted on:
Bhavin Bharat Bhansali February 16, 2001
2,
Au
th
or
re
tai ns f
© SANS Institute 2000 - 2002
As part of GIAC practical repository.
ull rig ht s.
1 Author retains full rights.
Objective: The Objective of this document is to understand the Execution of "Man-In-the-Middle" attack. Overview: The "Man In The Middle" or "TCP Hijacking" attack is a well known attack where an attacker sniffs packets from network, modifies them and inserts them back into the network. There are few programs/source codes available for doing a TCP hijack. Juggernaut, TSight and Hunt are some these programs. In this paper we shall explore Hunt for understanding how TCP Hijacking is deployed on an Ethernet segment. Hunt is designed by kra kra@gncz.cz. The Hunt source code is available at the following URL: Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Relevance: TCP Hijacking is an exploit that targets the victims TCP based applications like Telnet, rlogin, ftp, mail application, web browser etc. An attacker can grab unenrcypted confidential information from a victim's network based TCP application. He can further tamper the Authenticity and Integrity of the data. Definition of Important Terms: • IP spoofing - IP spoofing involves forging one's source IP address. It is the act of using one machine to impersonate another. Many applications and tools in UNIX systems rely on source IP address authentication.
•
•
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
©
SA
NS
In
Simple Active Attack against TCP connections - An attack in which the attacker does not merely eavesdrop but takes action to change, delete, reroute, add, forge or