Session Hijacking Flashcards Preview

Certified Ethical Hacker v11 > Session Hijacking > Flashcards

Flashcards in Session Hijacking Deck (9)
1
Q

What is blind hijacking?

A

In blind hijacking, a hacker can inject malicious data or commands into the intercepted communications in a TCP session, even if the victim disables source routing. Here, an attacker correctly guesses the next ISN of a computer attempting to establish a connection; the attacker sends malicious data or a command, such as a password setting to allow access from another location on the network, but the attacker can never see the response. To be able to see the response, a man-in-the-middle attack works much better.

2
Q

What is Yersinia?

A

Yersinia is a network tool designed to take advantage of weaknesses in different network protocols like DHCP. It aims to be a solid framework for analyzing and testing the deployed networks and systems.

3
Q

What is DerpNSpoof?

A

DerpNSpoof is a DNS poisoning tool that assists in spoofing the DNS query packet of a certain IP address or a group of hosts in the network.

4
Q

What is Vindicate?

A

Vindicate is an LLMNR/NBNS/mDNS spoofing detection toolkit for network administrators. Security professionals use this tool to detect name service spoofing.

5
Q

In IPsec, what is Oakley?

A

Oakley is a protocol that uses the Diffie–Hellman algorithm to create a master key and a key that is specific to each session in IPsec data transfer.

6
Q

What is token binding?

A

When a user logs into a web application, a cookie with a session ID, called a token, is generated. The user utilizes this random token to send requests to the server and access resources. An attacker can impersonate the user and hijack the connection by capturing and reusing a valid session ID. Token binding protects client–server communication against session hijacking attacks. The client creates a public–private key pair for every connection to a remote server.

7
Q

What is LogRhythm?

A

LogRhythm is a SIEM whose Advanced Intelligence Engine can be used to detect session hijacking attacks.

8
Q

What is IPsec DOI?

A

IPsec DOI (domain of interpretation) instantiates ISAKMP for use with IP when IP uses ISAKMP (Internet Security Association and Key Management Protocol) to negotiate security associations. A DOI document defines many things: a naming scheme for DOI-specific protocol identifiers, the contents of the situation field of the ISAKMP SA payload, the attributes that IKE negotiates in quick mode, and any specific characteristics that IKE needs to convey.

9
Q

What is IPsec ISAKMP?

A

The Internet Security Association and Key Management Protocol (ISAKMP) allows two computers to communicate by encrypting the data exchanged between them.