Session Hijacking
Sniffers
- Passive sniffing is performed when the user is on a hub. Because the user is on a hub, all traffic is sent to all ports.
- Server versions of Windows cannot be upgraded to Windows XP Professional.
- MAC flooding and ARP poisoning are the two ways that the attacker can attempt to overcome the switch.
- MAC flooding is the act of attempting to overload the switches content addressable memory (CAM) table.
- ARP poisoning is the second method that can be used to overcome switches.
- ARP is how network devices associate a specific MAC addresses with IP addresses so that devices on the local network can find each other.
- The ARP cache stores the IP address, the MAC address, and a timer for each entry.
|
Operating System |
Command |
Syntax |
|---|---|---|
|
Linux |
Enter the following command: to edit /proc: 1=Enabled, 0=Disabled |
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
Windows 2000, XP, and 2003 |
Edit the following value in the registry: 1=Enabled, 0=Disabled |
IPEnableRouter Location: |
|
HKLMSYSTEMCurrentControlSetServicesTcpip |
||
|
Parameters |
||
|
Data type: REG_DWORD |
||
|
Valid range: 01 |
||
|
Default value: 0 |
||
|
Present by default: Yes |
Denial of Service
|