Spoofing versus Hijacking

Spoofing and hijacking are similar, but there are some differences worth pointing out. A spoofing attack (see Chapter 4, “Spoofing”) is different from a hijack in that an attacker is not actively taking another user offline to perform the attack. Instead, he pretends to be another user or machine to gain access. While an attacker is doing this, the party he is spoofing can be at home or away on vacation for that matter—the real user plays no role in the attack. Therefore, the attacker is not actively launching an attack against a user’s session. With hijacking, an attacker is taking over an existing session, which means he is relying on the legitimate user to make a connection and authenticate. Then, he can take over ...

Get Hackers Beware now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.