What is Session Hijacking

Session hijacking is a combination of interception and injection. It allows an attacker to bypass password protection by taking over an existing connection once authentication is complete. For example, if I am sniffing your network, I might be aware that you have a Telnet session between your network management system (NMS) on address 10.0.0.1 and your key system on 10.0.0.100. If I send a series of packets to the NMS on 10.0.0.1 that causes it to drop the connection, while continuing to send packets to 10.0.0.100 with a spoofed source address of 10.0.0.1, I have hijacked the session.
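Seen from the defender's side, the scenario above leaves a recognizable trace: a reset delivered to one endpoint, followed by segments that still claim that endpoint's address. The detection logic below is an added example, not part of the original page; the `Pkt` record, `find_hijacked_sessions`, the `grace` window, the ports and the MAC addresses are constructed for illustration, and it assumes a sensor that sees both directions of the session on the same LAN segment.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    ts: float    # capture time, seconds
    src: str     # source IP as claimed in the IP header
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S, A, P, F, R
    mac: str     # layer-2 source address seen by the sensor

def find_hijacked_sessions(packets, grace=0.5):
    """Flag sessions where an endpoint keeps 'sending' after it was reset.
    grace: seconds of in-flight traffic tolerated after a reset (assumed value)."""
    reset_at, last_mac, alerts = {}, {}, {}
    for p in sorted(packets, key=lambda p: p.ts):
        sender = (p.src, p.sport, p.dst, p.dport)
        receiver = (p.dst, p.dport, p.src, p.sport)
        if "S" in p.flags:
            # A new handshake legitimately reuses the 4-tuple: forget old state.
            reset_at.pop(sender, None)
            reset_at.pop(receiver, None)
        if "R" in p.flags:
            # Whoever receives a RST drops its side of the connection.
            reset_at.setdefault(receiver, p.ts)
        elif sender not in reset_at:
            last_mac[sender] = p.mac  # normal traffic: remember the L2 source
        elif p.ts - reset_at[sender] > grace:
            # Segments still claim to come from the endpoint that was torn down.
            a = alerts.setdefault(sender, {"session": sender, "segments": 0,
                "reset_ts": reset_at[sender], "mac_changed": False})
            a["segments"] += 1
            a["mac_changed"] |= (p.mac != last_mac.get(sender, p.mac))
    return list(alerts.values())

# Constructed sample capture using the addresses from the text above.
NMS, KEY, OTHER = "10.0.0.1", "10.0.0.100", "10.0.0.2"
SAMPLE = [
    Pkt(1.0, NMS, 40000, KEY, 23, "PA", "02:00:00:00:00:01"),
    Pkt(1.1, KEY, 23, NMS, 40000, "PA", "02:00:00:00:00:64"),
    Pkt(2.0, KEY, 23, NMS, 40000, "R", "02:00:00:00:00:99"),   # reset sent to the NMS
    Pkt(3.0, NMS, 40000, KEY, 23, "PA", "02:00:00:00:00:99"),  # source 10.0.0.1 continues
    Pkt(4.0, NMS, 40000, KEY, 23, "PA", "02:00:00:00:00:99"),
    Pkt(1.5, OTHER, 40001, KEY, 23, "PA", "02:00:00:00:00:02"),  # ordinary session
    Pkt(2.5, KEY, 23, OTHER, 40001, "R", "02:00:00:00:00:64"),   # real reset, then silence
]
```

The `mac_changed` field is only meaningful when the sensor shares a layer-2 segment with the endpoints; across a router every packet carries the router's MAC, so the reset-then-continue pattern has to stand on its own there.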