
Using ESP to Prevent Replay Attacks


Written By
Brien M. Posey
Nov 9, 2000

The tighter your network’s security is, the more difficult it is for a hacker to break in. However, hackers tend to be clever and have lots of methods of getting into a network.

Prior to Windows 2000, hackers could use a method called a replay attack to break into even some of the most secure networks. Replay attacks are seldom used because of their complexity–often, less-complicated methods work just as well. The problem is that before Windows 2000, there were lots of ways to protect against the less sophisticated attacks, but few (if any) ways to protect against replay attacks.

Replay Attacks

In a replay attack, a hacker uses a protocol analyzer to monitor and copy packets as they flow across the network. Once the hacker has captured the necessary packets, he can filter them and extract the packets that contain things like digital signatures and various authentication codes. After these packets have been extracted, they can be put back on the network (or replayed), thus giving the hacker the desired access.

Replay attacks have existed for a long time. Years ago, replay attacks were simply aimed at stealing passwords. However, given the encryption strength of passwords these days, it’s often easier to steal digital signatures and keys.


Repelling Attacks with IPSec

Windows 2000 provides a way to protect against a replay attack: the IPSec subcomponent called Encapsulating Security Payload (ESP). The IPSec protocol is a security-enabled protocol that’s designed to run on IP networks. IPSec runs at the network level and is responsible for establishing secure communications between PCs. The actual method of providing these secure communications depends on the individual network. However, the method often involves a key exchange. ESP is the portion of IPSec that encrypts the data contained within the packet. This encryption is controlled by an ESP subcomponent called the Security Parameters Index (SPI).

In addition to the encryption, ESP can protect against replay attacks by using a mathematically generated sequence number. When a packet is sent to a recipient, the recipient extracts the sequence number and records the sequence number in a table. Now, suppose a hacker captured and replayed a packet. The recipient would extract the sequence number and compare it against the table that it has been recording. But the packet’s sequence number will already exist in the table, so the packet is assumed to be fraudulent and is therefore discarded.
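The receiver-side check described above, as an added example (not code from the original article or from Windows 2000). It goes beyond the article's table: it uses the fixed-size sliding window that the ESP specification describes instead of an ever-growing table, and it verifies the packet's integrity value before recording the sequence number. The key, SPI value, HMAC-SHA-256 choice and simplified packet layout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def icv(key, spi, seq, payload):
    """Integrity value over SPI + sequence number + payload (simplified ESP layout)."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:16]

class ReplayWindow:
    """Receiver-side anti-replay state for one security association."""
    def __init__(self, key, size=64):
        self.key, self.size = key, size
        self.top = 0      # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already accepted

    def check(self, spi, seq, payload, tag):
        if seq == 0:
            return "drop: invalid sequence number"
        if seq <= self.top:
            offset = self.top - seq
            if offset >= self.size:
                return "drop: older than window"
            if (self.bitmap >> offset) & 1:
                return "drop: replay"
        # Authenticate before touching state, so forged numbers cannot move the window.
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, payload)):
            return "drop: bad integrity value"
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"

def demo():
    key, spi = b"constructed-demo-key", 0x1000    # constructed sample values
    rx = ReplayWindow(key)
    def pkt(seq, data=b"payload"):
        return spi, seq, data, icv(key, spi, seq, data)
    captured = pkt(3)                              # the packet an eavesdropper copies
    results = [rx.check(*pkt(1)), rx.check(*captured), rx.check(*pkt(2))]
    results.append(rx.check(*captured))            # replayed copy of packet 3
    results.append(rx.check(spi, 200, captured[2], captured[3]))  # same packet, renumbered
    results.append(rx.check(*pkt(100)))            # legitimate traffic moves the window on
    results.append(rx.check(*captured))            # replayed again, now behind the window
    return results

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the sequence number is covered by the integrity value, a captured packet cannot be given a fresh number without the check failing, and the out-of-order packet 2 is still accepted once.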

Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it’s impossible for him to respond to every message, although he does read them all.
