Replay Attacks

Feb 23, 2025

Network Security: Replay Attacks and Session Hijacking

Key Concepts

  • Network Traffic Flow:
    • Information exchange between client and server.
    • Potential for interception by attackers.
  • Replay Attack:

    • Definition: Reuse of captured network information to gain unauthorized access.
    • Requirements for Attackers:
      • Access to information that can be replayed.
      • Methods to capture data include:
        • Physical network tap.
        • ARP poisoning to redirect traffic.
        • Installing malware on victim's system.
    • Process:
      • Attacker gathers details.
      • Replays the information to the server, posing as the victim.
    • Pass the Hash Attack:
      • Involves capturing username and hashed password.
      • Replaying captured credentials to authenticate as the victim.

Prevention of Replay Attacks

  • Encryption:
    • Encrypt all network traffic to prevent visibility of sensitive information.
  • Salting Passwords:
    • Use a different salt for every authentication process, so the hash sent over the network is unique to that one login.
    • Configure the server to reject repeated hashes: a captured hash replayed later no longer matches the current salt.
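One way to realise the per-authentication salt and the rejection of repeated hashes described above, as an added example that is not part of the original notes: a toy challenge-response login in Python. The names AuthServer, derive_verifier, the static user salt and the sample password are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo: the server issues a fresh random value (the per-authentication
# "salt", i.e. a nonce) for every login and refuses to accept the same one twice,
# so a captured (nonce, response) pair is useless to anyone who replays it.

def derive_verifier(password: str) -> bytes:
    # Password-derived key known to both sides; the server stores only this
    # (assumed static salt and iteration count, for illustration only).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"static-user-salt", 100_000)

def client_response(verifier: bytes, nonce: str) -> str:
    # What the client sends: a MAC over the server's nonce, never the password itself.
    return hmac.new(verifier, nonce.encode(), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, users: dict):
        self.users = users      # username -> verifier
        self.pending = {}       # nonce -> username, issued but not yet consumed
        self.used = set()       # every nonce ever consumed

    def challenge(self, username: str) -> str:
        nonce = secrets.token_hex(16)
        self.pending[nonce] = username
        return nonce

    def verify(self, username: str, nonce: str, response: str) -> bool:
        # Reject a nonce that was already consumed or was never issued to this user.
        if nonce in self.used or self.pending.get(nonce) != username:
            return False
        self.used.add(nonce)
        del self.pending[nonce]
        expected = client_response(self.users[username], nonce)
        return hmac.compare_digest(expected, response)

def demo() -> tuple:
    verifier = derive_verifier("correct horse battery staple")   # constructed sample password
    server = AuthServer({"alice": verifier})
    nonce = server.challenge("alice")
    resp = client_response(verifier, nonce)
    first = server.verify("alice", nonce, resp)                    # legitimate login
    replay = server.verify("alice", nonce, resp)                   # same capture replayed
    stale = server.verify("alice", server.challenge("alice"), resp)  # old response, new nonce
    return first, replay, stale
```

Running demo() returns (True, False, False): the first login succeeds, and both the straight replay and the attempt to reuse the old response against a new nonce are rejected.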

Browser Cookies and Session Hijacking

  • Cookies:
    • Store information about visited sites.
    • Could be a privacy risk.
    • Session ID: Valuable for attackers to access servers without credentials.
  • Session Hijacking (Sidejacking):
    • Process:
      • Attacker gains access to session ID.
      • Uses session ID for unauthorized sessions.
    • Packet Capture Tools:
      • Wireshark, Kismet.
    • Exploits:
      • Cross-site scripting.
      • Tools like Tamper, Firesheep, Scapy.

Prevention of Session Hijacking

  • Encryption:
    • Encrypt data end-to-end or from device to a VPN concentrator.
    • Use HTTPS to secure connections.
    • Browser extensions for enforcing HTTPS connections.

Conclusion

  • Ensuring robust network security involves encryption, proper configuration of servers, and awareness of potential vulnerabilities in network communication protocols.