Chapter 8: Session Hijacking
1. What is session hijacking?
2. Why is session hijacking done?
3. What is the difference between session hijacking and IP spoofing?
4. How would an attacker use source routing to hijack a session?
5. How can continuous ACK transfer be stopped?
6. How would an attacker perform TCP session hijacking with packet blocking?
7. What does the command netstat –nra do at a Windows command prompt?
8. What is the default loopback address?
9. Where does a packet go if the address in its destination field is unknown in the route table?
10. What are the two main functions of Hunt?
11. Name five encryption protocols.
12. How common are duplicate packets and retransmission on most TCP/IP networks?
Indicate whether the sentence or statement is true or false.
13. _______ The encryption method involved in SSH and TLS uses three keys.
14. _______ TCP is more vulnerable to hijacking than UDP.
Match these unsafe network protocols with their safer encrypted counterparts:
a. Post Office Protocol (POP3)
b. File Transfer Protocol (FTP)
c. Telnet
d. Internet Message Access Protocol (IMAP)
e. Hypertext Transport Protocol (HTTP)
f. Simple Mail Transfer Protocol (SMTP)
15. _______ POP3 over TLS
16. _______ SMTP over TLS
18. Name a safer, encrypted counterpart to Telnet.
19. Name a safer, encrypted counterpart to File Transfer Protocol (FTP).
20. _______ Secure Hypertext Transport Protocol (HTTPS), SSL