[Snort-users] Tcp session hijacking

waldo kitty wkitty42 at ...14940...
Sun Aug 17 12:55:48 EDT 2014

On 8/17/2014 5:37 AM, Meysam Farazmand wrote:
> Hi all,
> I used "check_session_hijacking" in stream5 preprocessor for session hijacking
> attacks detection and launched a mitm attack. But snort did not detect it.

session hijacking and mitm are not the same...

session hijacking is where you take over or continue with someone's existing or 
previous session...

mitm is where you are in the middle and have valid sessions with both parties 
and pass their traffic across while doing what you want with it in the middle...

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
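
Added illustration, not part of the original thread and not Snort's own code: a simplified Python model of the check the Snort manual describes for `check_session_hijacking`, which compares the hardware (MAC) addresses seen on the 3-way handshake with those on later packets of the same session. It shows why a host that is already in the path when the handshake happens produces no mismatch, while a session that is continued from a different host does. All addresses and packets are constructed, and the model only tracks source MACs.

```python
# Simplified model of a MAC-consistency hijack check (illustrative, not Snort code).
from collections import namedtuple

Pkt = namedtuple("Pkt", "src_mac src dst flags")  # src/dst are (ip, port)

CLIENT, SERVER = ("10.0.0.5", 40000), ("10.0.0.9", 80)   # constructed endpoints
CLI_MAC, SRV_MAC, OTHER_MAC = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"

def check(packets):
    """Return alerts for packets whose source MAC differs from the handshake's."""
    sessions, alerts = {}, []
    for p in packets:
        key = frozenset((p.src, p.dst))
        if p.flags == "S":                      # client SYN opens the session
            sessions[key] = {p.src: p.src_mac}
            continue
        macs = sessions.get(key)
        if macs is None:                        # not tracked (picked up midstream)
            continue
        if p.flags == "SA" and p.src not in macs:
            macs[p.src] = p.src_mac             # server side learned from SYN/ACK
            continue
        learned = macs.get(p.src)
        if learned is not None and learned != p.src_mac:
            alerts.append(f"{p.src[0]}:{p.src[1]} MAC {p.src_mac} != handshake MAC {learned}")
    return alerts

def session(client_macs):
    """Build handshake + one data packet; client_macs gives the MAC seen on each client packet."""
    syn, ack, data = client_macs
    return [Pkt(syn, CLIENT, SERVER, "S"), Pkt(SRV_MAC, SERVER, CLIENT, "SA"),
            Pkt(ack, CLIENT, SERVER, "A"), Pkt(data, CLIENT, SERVER, "PA")]

# Sensor on the server's segment. Relay in the path from the first SYN: consistent MAC.
IN_PATH_FROM_START = session((OTHER_MAC, OTHER_MAC, OTHER_MAC))
# Session established by the real client, then continued from another host.
TAKEN_OVER = session((CLI_MAC, CLI_MAC, OTHER_MAC))

if __name__ == "__main__":
    print("in path from start:", check(IN_PATH_FROM_START))
    print("taken over:", check(TAKEN_OVER))
```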
