IDS mailing list archives
RE: Session Hijacking
From: Omar Herrera <oherrera () prodigy net mx>
Date: Mon, 07 Mar 2005 19:04:10 -0600
-----Original Message----- From: Dragos Ruiu [mailto:dr () kyx net]Question, I am learning about session hijacking, and I was wondering if an IPS has the capabilities to detect and prevent this type of attack? If so how exactly would the IPS prevent a session hijacking?It's pretty much impossible to prevent full-knowledge session hijacking when the hijacker is on a local network with who he is hijacking. You pretty much have to be their switch.It's an administrative hassle... but locking down mac addresses to switch physical ports _is_ a good idea... and raises the bar on hijacking.
And with some money, resources and a lot of patience, 802.1x might raise it even further. This way, you effectively lock down port access without having to manually lock them down on your switches. 2 more cents... Omar Herrera -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Session Hijacking Terry Ray (Mar 02)
- Re: Session Hijacking Mike Frantzen (Mar 04)
- Re: Session Hijacking Dragos Ruiu (Mar 06)
- RE: Session Hijacking Angel L Rivera (Mar 07)
- Re: Session Hijacking Dragos Ruiu (Mar 09)
- Re: Session Hijacking Dragos Ruiu (Mar 09)
- RE: Session Hijacking Angel L Rivera (Mar 09)
- Re: Session Hijacking Dragos Ruiu (Mar 10)
- Re: Session Hijacking Dragos Ruiu (Mar 06)
- Re: Session Hijacking Mike Frantzen (Mar 04)
- RE: Session Hijacking Omar Herrera (Mar 07)