Abstract
Nowadays almost every website uses a membership-based portal in which each user has a set of permissions that allow them to perform certain actions. To determine which user holds which permissions, the portal uses a SessionID: this ID lets the web portal identify the user and grant the permissions and the information that they need or have paid for. The SessionID is sent in HTTP requests, so if a third party manages to sniff a packet and extract the SessionID, that person can access the system with that member's permissions. ARP spoofing is a well-known method for sniffing packets, although there are effective and easy ways to protect against it, such as static ARP, IDS/IPS systems, port security and other protection mechanisms. This paper aims to show a technique for sniffing data in a LAN environment without the use of ARP spoofing, so as to be undetectable, unpreventable and effective, with a focus on session hijacking.
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Albarracin, C., Reyes Daza, B.S., Salcedo Parra, O.J. (2016). Information and Identity Theft Without ARP Spoofing in LAN Environments. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2016. Lecture Notes in Computer Science, vol 10018. Springer, Cham. https://doi.org/10.1007/978-3-319-48057-2_11
DOI: https://doi.org/10.1007/978-3-319-48057-2_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48056-5
Online ISBN: 978-3-319-48057-2
eBook Packages: Computer Science, Computer Science (R0)