Another form of attack is session hacking or hijacking. TCP session hijacking is a process where a hacker takes over a TCP session between two machines. Because authentication frequently is done only at the start of a TCP session, this allows the hacker to break into the communication stream and take control of the session. For example, a person might log on to a machine remotely. After establishing a connection with the host, the hacker might use session hacking to take over that session and thereby gain access to the target machine.
One popular method for session hacking is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through the hacker’s machine.
The most common sort of session hacking is the “man-in-the-middle attack.” In this scenario, a hacker uses some sort of packet-sniffing program to simply listen the transmissions between two computers, taking whatever information he or she wants but not actually disrupting the conversation. A common component of such an attack is to execute a DoS attack against one end point to stop it from responding. Because that end point is no longer responding, the hacker can now interject his own machine to stand in for that end point.
The point of hijacking a connection is to exploit trust and to gain access to a system to which one would not otherwise have access.
Sorts of meeting seizing assaults:
There are two sorts of meeting seizing relying upon how they are finished. In the event that the aggressor legitimately engages with the objective, it is called dynamic capturing, and if an assailant just inactively screens the traffic, it is aloof commandeering.
The assailant will quiet one of the machines, typically the customer PC, and assume control over the customers’ situation in the correspondence trade between the workstation and the server. The dynamic assault additionally permits the assailant to give orders on the system making it conceivable to make new client accounts on the system, which can later be utilized to access the system without playing out the meeting commandeer assault.
In Passive meeting capturing assault, the assailant screens the traffic between the workstation and server. The essential inspiration for the latent assault is to screen organize traffic and possibly find significant information or passwords.