What is TCP/IP Hijacking? How does it work? How to stay safe?

TCP/IP hijacking is when an authorized user gains access to another user's genuine network connection. This is usually done to bypass password authentication, which normally takes place at the start of the session.
A theoretically established TCP / IP connection is shown below:
There are two possibilities for hijacking this connection:

  • Find the sequence number (seq), a number that increases by 1, but there is no chance to predict it.
  • The second possibility is to use a Man-in-the-Middle attack which, in simple words, is a type of network sniffing. For sniffing, we use tools like Wireshark or Ettercap.

Example

The attacker monitors the data transmission on the network and identifies the IP addresses of the two devices involved in the connection. Once the attacker knows one user's IP address, they can take down the other user's connection with a DoS attack, impersonate the IP of the connected user, and resume the communication.
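From the defender's side, the takeover described above leaves traces in the flow itself: the same IP and port keep talking, but the sending hardware address, the TTL, or the sequence numbering stops being continuous. The following is an added example, not part of the original post; the record layout, MAC addresses, TTLs and sequence numbers are constructed, and the function name and `max_gap` threshold are assumptions.

```python
from collections import namedtuple

# Constructed sample: one direction of a Telnet session as a LAN sensor
# might record it. All MACs, TTLs and sequence numbers are made up.
Seg = namedtuple("Seg", "src dst mac ttl seq length flags")
CLIENT, SERVER = "192.168.0.100:53517", "192.168.0.200:23"
SAMPLE = [
    Seg(CLIENT, SERVER, "aa:aa:aa:aa:aa:01", 64, 1000, 0, "S"),
    Seg(CLIENT, SERVER, "aa:aa:aa:aa:aa:01", 64, 1001, 10, "PA"),
    Seg(CLIENT, SERVER, "aa:aa:aa:aa:aa:01", 64, 1011, 5, "PA"),
    Seg(CLIENT, SERVER, "aa:aa:aa:aa:aa:01", 64, 1011, 5, "PA"),     # retransmit
    Seg(CLIENT, SERVER, "bb:bb:bb:bb:bb:02", 128, 1016, 20, "PA"),   # new sender
    Seg(CLIENT, SERVER, "bb:bb:bb:bb:bb:02", 128, 500000, 4, "PA"),  # seq jump
]

def hijack_indicators(segments, max_gap=65535):
    """Return (index, reason) pairs for segments that break flow continuity."""
    flows, alerts = {}, []
    for i, s in enumerate(segments):
        # SYN and FIN each consume one sequence number on top of the payload.
        consumed = s.length + sum(f in s.flags for f in "SF")
        st = flows.get((s.src, s.dst))
        if st is None:  # first segment of this direction sets the baseline
            flows[(s.src, s.dst)] = {"mac": s.mac, "ttl": s.ttl,
                                     "next": (s.seq + consumed) % 2**32}
            continue
        if s.mac != st["mac"]:
            alerts.append((i, "source MAC changed mid-session"))
            st["mac"] = s.mac  # report each change once
        if s.ttl != st["ttl"]:
            alerts.append((i, "TTL changed mid-session"))
            st["ttl"] = s.ttl
        # Distance ahead of the next expected sequence number, modulo 2**32.
        ahead = (s.seq - st["next"]) % 2**32
        if max_gap < ahead < 2**31:
            alerts.append((i, "sequence number far outside window"))
        elif ahead <= max_gap:
            st["next"] = (s.seq + consumed) % 2**32
        # Otherwise the segment is behind the expected number: a retransmit.
    return alerts

if __name__ == "__main__":
    for index, reason in hijack_indicators(SAMPLE):
        print(index, reason)
```

A MAC change is only visible to a sensor on the same layer-2 segment, and a TTL change can also come from a legitimate route change, so these are indicators to correlate rather than proof on their own.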

Shijack

In fact, one of the best TCP/IP hijacking tools is Shijack. It is developed using the Python language. It can be downloaded from https://packetstormsecurity.com/sniffers/shijack.tgz.

An example of Shijack's command line

root:/home/root/hijack# ./shijack eth0 192.168.0.100 53517 192.168.0.200 23
        


Here, we are trying to hijack a Telnet connection between the two hosts.


Quick Tip

Since all unencrypted sessions are vulnerable to TCP/IP session hijacking, use encrypted protocols whenever possible, or use dual authentication to protect the session.

