Session Hijacking Flashcards
What is blind hijacking?
In blind hijacking, a hacker can inject malicious data or commands into the intercepted communications in a TCP session, even if the victim disables source routing. Here, an attacker correctly guesses the next ISN of a computer attempting to establish a connection; the attacker sends malicious data or a command, such as password setting to allow access from another location on the network, but the attacker can never see the response. To be able to see the response, a man-in-the-middle attack works much better.
What is Yersinia?
Yersinia is a network tool designed to take advantage of weaknesses in different network protocols like DHCP. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
What is DerpNSpoof?
DerpNSpoof is a DNS poisoning tool that assists in spoofing the DNS query packet of a certain IP address or a group of hosts in the network
What is Vindicate?
Vindicate is an LLMNR/NBNS/mDNS spoofing detection toolkit for network administrators. Security professionals use this tool to detect name service spoofing
In IPsec, what is Oakley?
Oakley is protocol that uses the Diffie–Hellman algorithm to create a master key and a key that is specific to each session in IPsec data transfer.
What is token binding?
When a user logs into a web application, a cookie with a session ID, called a token, is generated. The user utilizes this random token to send requests to the server and access resources. An attacker can impersonate the user and hijack the connection by capturing and reusing a valid session ID. Token binding protects client–server communication against session hijacking attacks. The client creates a public–private key pair for every connection to a remote server.
What is LogRhythm?
LogRhythm is a SIEM whose Advanced Intelligence Engine can be used to detect session hijacking attacks.
What is IPsec DOI?
IPsec DOI (domain of interpretation) instantiates ISAKMP for use with IP when IP uses ISAKMP (Internet Security Association and Key Management Protocol) to negotiate security associations. A DOI document defines many things: a naming scheme for DOI-specific protocol identifiers, the contents of the situation field of the ISAKMP SA payload, the attributes that IKE negotiates in a quick mode, and any specific characteristics that IKE needs to convey.
What is IPsec ISAKMP?
The Internet Security Association and Key Management Protocol (ISAKMP) allows two computers to communicate by encrypting the data exchanged between them
