What is tcp/ip hijacking attack, how to prevent tcp/ip hijacking attack?

Tcp/ip hijacking attack is a security attack on a user session over a protected network. For using tcp/ip hijacking attacking, the attacker must first become the "Man-in-the-middle". With the "status" established, the attacker can take over an established session between typically a client and a server. What the attacker need to do is first to impersonate the legitimate client and then disconnect the legitimate client. If the attacker hijacking the session of the administrator, he then does not require any authentication information to do what he wants to do because the administrator was already logged on. This creates a big threat to the system.

To know the nature of tcp/ip hijacking attacking, you need first know a bit about how TCP works. TCP uses sequence numbers to synchronize the session between two network nodes. The number increases with every packet and ensures they are processed in the correct order when received by the target node. In order for the attacker to accomplish a successful TCP/IP hijacking attack and insert malicious data, he must predict these sequence numbers and prevent the original client from sending packets that increase the sequence number.

The attacker can disconnect the client’s established and possibly already authenticated session to the server and attempt to take the client’s place by spoofing the legitimate client’s address. It is possible for attacker to reroute and receive the information from the server by sending the server the false ARP information with the MAC address of the attacker’s system mapped to the IP address of the original client’s system or to change the server’s local routing table by using ICMP Redirect message.

It is easy for Telnet, FTP, DNS and other unencrypted protocols to get attacked. But, by using the encrypted transport protocols such as SSH, SSL, and IPSec, you can lower the risk to get attacked greatly because these encryption protocols use dynamically generated session keys to provide a secure communication channel and make the attacker difficult to predict or steal the keys.