|
Hijacking of a connection is even more serious than having a connection tapped. This entails injection of data packets into the network which result in either failure or blocking of the client. The server process is then unable to detect that a different program has now replaced the original client. When an existing connection is taken over in this way after a user has authenticated himself, the adversary can perform any actions he likes in the name of the authenticated person.
Example
There are already a number of programs which allow an existing Telnet connection to be hijacked.
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: Januar 2000 |