Security Basics mailing list archives

RE: session-hijacking is still available?


From: Raghu Chinthoju <raghu_chinthoju () adp com>
Date: Fri, 4 Apr 2003 23:46:06 +0530

What you have heard is true. Almost all modern operating systems
should be able to generate an initial sequence number which is almost random
with a time component. But in some OSes (Solaris 2.6 etc.), the new algorithm
is not enabled by default. You need to check whether this is enabled on
your machines.

Raghu

-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com] 
Sent: Friday, April 04, 2003 7:14 AM
To: security-basics () securityfocus com
Subject: session-hijacking is still available?


Hello, all.

If an attacker can do session hijacking, he can know the seq number change, 
ack seq number change, something like that.
But I have heard that modern systems like Linux kernel 2.4.x or OpenBSD 
produce almost random seq numbers, so session hijacking is almost impossible these days.

Is it true or not?
Can anyone still do session hijacking using a session hijacking program like 
hunt?

Thanks in advance.
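
The reply above describes an initial sequence number that is "almost random with a time component". The following is an added example, not part of the original thread: it sketches the RFC 6528 construction (ISN = M + F(4-tuple, secret)) beside a constructed fixed-step generator, with a simple delta check an administrator could run over ISNs sampled from a host. HMAC-SHA256 as the keyed hash, the addresses, ports, secret and the `max_spread` threshold are all assumptions of this example.

```python
import hashlib
import hmac

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap

def rfc6528_isn(secret, laddr, lport, raddr, rport, now_us):
    """ISN = M + F(4-tuple, secret), as in RFC 6528.

    M is a timer that ticks every 4 microseconds (the time component).
    F is a keyed hash of the connection 4-tuple; HMAC-SHA256 is used here
    as the PRF (an assumption of this example).
    """
    m = (now_us // 4) & MASK
    four_tuple = f"{laddr}:{lport}|{raddr}:{rport}".encode()
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")
    return (m + f) & MASK

def legacy_isn(start, index, step=64000):
    """Constructed weak generator: one global counter, fixed step per connection."""
    return (start + index * step) & MASK

def delta_spread(isns):
    """Range of the differences between successive ISNs, taken modulo 2**32."""
    deltas = [(b - a) & MASK for a, b in zip(isns, isns[1:])]
    return max(deltas) - min(deltas)

def looks_predictable(isns, max_spread=1 << 16):
    """True when successive ISNs advance by a nearly constant amount."""
    return delta_spread(isns) <= max_spread

def sample_isns():
    """Constructed samples: 8 connections from one client, ports 40000-40007."""
    secret = b"constructed-example-secret"
    strong = [rfc6528_isn(secret, "192.0.2.10", 40000 + i, "192.0.2.20", 80,
                          1_000_000 + i * 250) for i in range(8)]
    weak = [legacy_isn(0xFFFF0000, i) for i in range(8)]  # crosses the 32-bit wrap
    return strong, weak

if __name__ == "__main__":
    strong, weak = sample_isns()
    print("weak   predictable:", looks_predictable(weak))
    print("strong predictable:", looks_predictable(strong))
```

For one 4-tuple the RFC 6528 value still advances steadily with the clock; it is the per-connection keyed offset that keeps an observer of one connection from inferring the ISN of another.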

 

