The Network IDPS administrator will ensure IP hijacking signatures have been implemented with the common default signatures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18513	NET-IDPS-008	SV-20048r1_rule	ECSC-1	Medium

Description
There are a number of publicly available tools that exist to facilitate the hijacking of TCP sessions. An attacker using such tools can determine the TCP sequence and acknowledgement numbers that two hosts are using in a communication session. This information could enable the attacker to take over the legitimate network connection of an authorized user and inject commands into the session. This is particularly serious because most forms of one-time passwords do not prevent this access.

Description

There are a number of publicly available tools that exist to facilitate the hijacking of TCP sessions. An attacker using such tools can determine the TCP sequence and acknowledgement numbers that two hosts are using in a communication session. This information could enable the attacker to take over the legitimate network connection of an authorized user and inject commands into the session. This is particularly serious because most forms of one-time passwords do not prevent this access.

STIG	Date
IDS/IPS Security Technical Implementation Guide	2013-10-08

Details

Check Text ( C-21281r1_chk )
Ask the SA to identify the signature that protects against IP hijacking of TCP sessions. Ensure the signature is current.

Fix Text (F-19107r1_fix)
Implement the latest signature from vendor that protects against IP hijacking of TCP sessions.