July 12, 2001

TCP session hijacking: A primer

Author: JT Smith

NetFlood: "Session hijacking. What a powerful name. For me personally, the name conjures up mental pictures of airplanes with masked gunmen and bomb-laden buses. In actuality, session hijacking is far less physically dangerous and way more financially rewarding. The risk of a SWAT team shooting you while you are hijacking a session is also extremely low as opposed to hijacking airplanes. When people complain about the problems with the TCP/IP protocol suite, this attack method is one of the reasons. This attack is also one of the reasons client/server (host-to-host) communication encryption schemes should be used even in internal network communications. Session hijacking is nothing new. In fact, the attack itself was first conceived and discussed in 1989, but unfortunately it is an attack that is just as dangerous now as it was back then. Without further ado (or sensationalism), here's the story."


