Security questions for research paper
Results 1 to 9 of 9

Thread: Security questions for research paper

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    6

    Security questions for research paper

    Can someone give me (or give me links to) good, in-depth, technical explanations for how session hijacking works? I did a Google search but couldn't find the info I want.

    I have to do a very detailed, LONG research paper, and I decided to do it on some network/web security issues. I'm also researching cross-site scripting and SQL injection, so if anybody knows of any information about how those work, I'd appreciate it. I can find lots of info on those two issues, but once again it's not as technical as I'd like it to be. I'd like to find explanations as how to how these attacks work at the very lowest level.

    I know absolutely NOTHING about these issues and that's exactly why I chose them for my research project. I enjoy learning new things and I enjoy learning with as much detail and analysis as possible.

    Regards,

    yournightmare

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Aside from the various articles here at AO, this may be useful

    http://www.governmentsecurity.org/ar...yItMatters.php

    Good luck
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  3. #3

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    26

  5. #5
    Junior Member
    Join Date
    Sep 2003
    Posts
    6
    Thanks y'all. Once I research these topics some, I might have some questions I still need answered. Is the Network Security forum a good forum to ask questions on these particular topics?

    Thanks again!

  6. #6
    You also might want to search with the query of 'sequence number guessing' or something along those lines.

  7. #7
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    memory gave a link to sans.org That is probably the best possible site to find information you might be looking for.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Install a BSD or Linux if you don't already have one, and go to freshmeat.net and get dsniff. Full explanation of 'Man-in-the-middle' attacks are given in the docs that come with the source. The best scenario for playing with this concept is to bring three boxes into the picture. A target, a victim, and a launch host. If you can manage this, it turns out to be very instructive as you get to see what effect it has on each system.

    If you are talking about TCP/IP hijacking, I wouldn't waste my time on it beyond reading how it was done in the day. All OS's except Windows have full compliance with the RFC's and now implement random random positive, or truly random incrementing sequence ID's. Back in the 'day' you could DoS the host you wanted to pretend to be so it couldn't send RST, but you still had the problem of predicting the next sequence ID (which you would have tried to determine the pattern pre-attack). Today predicting that sequence ID is next to impossible (unless of course you are dealing with Windows), but good for historical reference I suppose.
    Get OpenSolaris http://www.opensolaris.org/

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Windows XP

    Code:
    Remote operating system guess: Windows 2000/XP/ME
    OS Fingerprint:
    TSeq(Class=RI%gcd=1%SI=3041%IPID=I%TS=0)
    T1(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
    T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
    T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
    T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
    
    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=12353 (Worthy challenge)
    TCP ISN Seq. Numbers: 6CF0007E 6CF18A04 6CF29ACF 6CF39964 6CF4DCDD 6CF60D6E
    IPID Sequence Generation: Incremental
    Linux (RedHat 9, Latest Patches and Kernel)
    Code:
    Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
    OS Fingerprint:
    TSeq(Class=RI%gcd=1%SI=24479C%IPID=Z%TS=100HZ)
    T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
    T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
    
    Uptime 26.080 days (since Sat Sep 20 19:14:03 2003)
    TCP Sequence Prediction: Class=random positive increments
                             Difficulty=2377628 (Good luck!)
    TCP ISN Seq. Numbers: 37D728F 310BEB8 303759F 35927AF 30A6889 37E178A
    IPID Sequence Generation: All zeros
    I stand partially corrected on my previous comment about Windows and the seq. ID's it generates.

    [ Note, use of code tag for formatting ]
    Get OpenSolaris http://www.opensolaris.org/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides