Understanding Session Hijacking 293
You may see questions on the exam that test your ability to discriminate
between two related concepts. IP spoofing is a concept that can apply
to many different scenarios, such as a loss of return traffic flow on an
attempted session hijacking. Read each question completely before
answering.
Source Routing In contrast to normal packet routing, source routing (Figure 12.5)
ensures that injected packets are sent via a routing path the sender selects. By using source routing,
an attacker chooses the routing path that is most advantageous to the intended attack. For
example, an attacker attempting to spoof or masquerade as a legitimate host can use source
routing to direct packets to the server along the same path the victim’s machine uses.
FIGURE 12.5 Source routing (diagram contrasting the attacker-selected “Source Route” with the “Normal Route” to the server)
DNS Spoofing DNS spoofing is a technique in which an attacker alters a victim’s IP
address mappings in an effort to direct the victim machine’s traffic to an address the
attacker specifies. This is a fairly simplified explanation, but the concept and intent are the
same in all variations of this technique. Later in the section “Network Session Hijacking,”
you’ll see how DNS spoofing also applies to hijacking vulnerable web applications.
ARP Cache Poisoning ARP cache poisoning was covered in Chapter 9, but here’s a brief
review. ARP is responsible for translating between IP addresses and MAC addresses (the
reverse mapping is known as reverse ARP, or RARP). An ARP cache poisoning attack overwrites a victim’s
ARP cache, thereby redirecting traffic to an inaccurate physical address mapping, usually
the attacker’s machine. This in turn puts the attacker’s machine in the logical middle of all
communications between the victim’s machine and the authenticated host. ARP cache poisoning,
as you’ve probably already deduced, is conceptually very similar to DNS spoofing.
The goal is to manipulate the traffic flow based on directional data stored in the host.
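Both DNS spoofing and ARP cache poisoning work by replacing a mapping the host trusts (name to IP, or IP to MAC) with one the attacker supplies, so the same detection idea covers both: remember the first mapping seen for each key and flag any later reply that contradicts it. The following is an added example written for this review, not code from the book; the `Reply` records, addresses and labels are constructed samples, and the detector is a minimal illustration rather than a production monitor.

```python
# Added example (not from the book): a small poisoning detector for the
# ARP and DNS mappings described above. All sample replies are constructed.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Reply:
    proto: str   # "arp" or "dns"
    key: str     # IP address for ARP, hostname for DNS
    value: str   # MAC address for ARP, resolved IP for DNS
    src: str     # constructed label describing where the reply was seen


@dataclass
class PoisonDetector:
    """Learns the first mapping seen per key and flags later contradictions."""
    arp: dict = field(default_factory=dict)        # ip -> first MAC seen
    dns: dict = field(default_factory=dict)        # name -> first IP seen
    observed_arp: set = field(default_factory=set)  # every (ip, mac) pair seen
    alerts: list = field(default_factory=list)

    def observe(self, r: Reply) -> bool:
        """Return True if the reply agrees with the table, False if it conflicts."""
        table = self.arp if r.proto == "arp" else self.dns
        if r.proto == "arp":
            self.observed_arp.add((r.key, r.value))
        prev = table.get(r.key)
        if prev is None:
            table[r.key] = r.value      # first sighting becomes the baseline
            return True
        if prev != r.value:
            self.alerts.append(
                f"{r.proto}: {r.key} remapped {prev} -> {r.value} (seen from {r.src})")
            return False
        return True

    def macs_claiming_multiple_ips(self) -> dict:
        """ARP-specific heuristic: one MAC answering for several IPs (for
        example both the gateway and a client) is the footprint of a host
        inserting itself into the middle of a conversation."""
        by_mac = defaultdict(set)
        for ip, mac in self.observed_arp:
            by_mac[mac].add(ip)
        return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample traffic: a legitimate baseline followed by unsolicited
# ARP replies and a forged DNS answer that contradict it.
SAMPLE = [
    Reply("arp", "10.0.0.1", "aa:bb:cc:00:00:01", "gateway"),
    Reply("arp", "10.0.0.25", "aa:bb:cc:00:00:25", "client"),
    Reply("arp", "10.0.0.1", "de:ad:be:ef:00:99", "unsolicited reply"),
    Reply("arp", "10.0.0.25", "de:ad:be:ef:00:99", "unsolicited reply"),
    Reply("dns", "intranet.example", "10.0.0.40", "local resolver"),
    Reply("dns", "intranet.example", "203.0.113.7", "forged answer"),
]


def run_sample() -> PoisonDetector:
    """Feed the constructed sample through the detector and return it."""
    detector = PoisonDetector()
    for reply in SAMPLE:
        detector.observe(reply)
    return detector


if __name__ == "__main__":
    d = run_sample()
    for line in d.alerts:
        print("ALERT", line)
    print("MACs answering for several IPs:", d.macs_claiming_multiple_ips())
```

On the sample this raises three alerts (two ARP remaps and one DNS remap) and reports the single MAC that answered for both the gateway and the client. A legitimate NIC replacement or a DHCP lease change will trip the same check, so in practice the baseline is seeded from static configuration or the DHCP server’s lease table rather than from the first frame seen, and DNS answers are compared against a trusted resolver rather than against whatever reply arrived first.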
Desynchronizing the Connection Referring once again to our TCP three-way hand-
shake, when a client and a host are initializing a connection, they exchange packets that
set the sequence for further data transfer. Each packet in this continuous transfer has a