Information, Computer and Network Security Terms Glossary and Dictionary

 

TCP Connecting Hijacking: MAN-In-The-Middle Attack

TCP Connecting Hijacking is one of the Man-in-the-Middle attacks. With this attack, an attacker can allow normal authentication to proceed between the two hosts, and then seize control of the connection. There are two possible ways to do this: one is during the TCP three-way handshake, and the other is in the middle of an established connection. Connection hijacking exploits a "desynchronized state" in TCP communication. When two hosts are desynchronized enough, they will discard (ignore) packets from each other. An attacker can then inject forged packets with the correct sequence numbers (and potentially modify or add commands to the communication). This requires the attacker to be located on the communication path between the two hosts so that he may eavesdrop, in order to replicate packets being sent.

TCP Connection Hijacking allows attackers to view and change private information.

TCP Connection Hijacking Mitigation

The Connection Hijacking (Man-In-The-Middle) attacks rely upon IP spoofing. By utilizing IPsec VPN at the network layer and by using session and user (or host) authentication and data encryption technologies at the application layer and at the data link layer, the risk of IP Spoofing and then Connection Hijacking will be reduced significantly.

TCP Connection Hijacking (Man-In-The-Middle Attack)

TCP Connection Hijacking (Man-In-The-Middle Attack)

Related Terms

IPsec VPN, Firewall, Connection Hijacking, Man-In-The Middle Attack, Denial of Service, DDOS, TCP, ARP Spoofing, DNS Spoofing