Hi-jacking
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Hi-jacking

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    19

    Hi-jacking

    Hi,

    What are the symptoms of a hi-jacked system. With other words how do I know that a system is hijacked?

    MrEsco
    Beware of weird people

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well, usually hijacking, to my understanding, usually refers to a remote session like a telnet or SSH or something like that being hijacked.

    Unless you are thinking of a trojan.

    Look for unusual processes (ones that you haven't seen running before) and any ports open. Additionally, if the system starts doing stuff (like open CDrom, power off) when you did tell it to is another big hint.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    The term of hi-jacking can refer to a lot of different attacks.
    But it is very difficult to detect it, you can search some incoherences to your traffic messages: TCP packets with bad numbers, arp and mac spoofing...
    The hi-jack by itself can't, by definition, be detected. You can only detect some ways an intruder use to monitor and attack your connection.
    Life is boring. Play NetHack... --more--

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Hey if your haveing problems or you are worried about intruders and potentially deadly code that can take over systems then you need to check for funny activities in your ports, get a firewall, & get anti-virus that can remove trojans.

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    225
    And run arpwatch, man-in-the-middle attacks are scary stuff.
    \"Now it\'s time to erase the story of our bogus fate. Our history as it\'s portrayed is just a recipe for hate!\"
    -Bad Religion

  6. #6
    Junior Member
    Join Date
    Jul 2002
    Posts
    19
    Hi,

    Thx for your suggestions, I'm a novice in the security game and would like to get deeper into the matter. So I'm looking to learn more things, for example what are weird tcp packets? Another example is DDOS-attacks, are there symptoms that you can find of a preparation of an attack. Another question that come to mind is in a DOS-attack is the attacker using trojans that can be detected or is he using another method. I hope that I'm not asking the wrong questions. Please bear with me. Thx for all your replies.

    MrEsco
    Beware of weird people

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    your computer would do severly strange ****, deleted files, crashing, unknown rebooting, anti virus acting weird, firewall crashing, all it really shouldnt


    Preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  8. #8
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Originally posted here by MrEsco
    Hi,

    Another question that come to mind is in a DOS-attack is the attacker using trojans that can be detected or is he using another method.

    MrEsco
    Well, yes and no. A DDoS attack is more likely to use the method that you mentioned. What a DDOS, or Distributed Denial of Service attack, is an attack from multipule systems that have been compromised, to obey the commands of the person or Worm that was placed there. In the case we'll keep it simple and say they are doing a ICMP flood. To put that simply its like the worm or hacker is telling the computer to do ping -l 65000 -t 255.255.255.255.(just an example).Well, with a few hundred systems running this command with all the same target IPit would cause your system to 'crash', cause packet loss, and inturn causing packet loss to everything behind it. Router, Switch, SUBNETS.



    Hope this helps you understand.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  9. #9
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Yeah, man-in-the-middle attacks are definitely nasty. I was reading about an attack where someone placed some sort of web proxy between a client machine and the actual webserver it was trying to contact, and the client requests were able to be viewed and edited before being forwarded to the ultimate destination. Nasty stuff!
    Opinions are like holes - everybody\'s got\'em.

    Smile

  10. #10
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    A DoS attack on a linux system can usually be detected by doing a ps aux. You will see a lot of connections from the same IP address or you will see a certain port with a lot of traffic. Its tough to defend against but once you have determined you are under attack you can defend yourself by dropping the IP in the host.deny and using IP chains and IP tables. Once that is taken care of you can call your upstream ISP to have them filter it out.

    Nathan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides