
Intrusion Analysis And Its Security Model Based On The Cookie Spoofing Session Penetration

Posted on: 2004-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: X Liu
Full Text: PDF
GTID: 2208360092470362
Subject: Computer software and theory
Abstract/Summary:
Cookies remedy the stateless nature of the HTTP protocol: a Web client and server can maintain a session by exchanging unique cookie strings that distinguish one state from another. This paper points out a typical limitation of this cookie-based session management mechanism, describes the principle of the session penetration vulnerability based on cookie snooping in common Web environments, and gives some measures for prevention and detection. It also designs and implements a LAN session penetration and IDS system using network spoofing.

Session penetration invasion, meaning the sending of snooped cookies to exchange data with a server without session authorization, occurs because none of the Web script engines check whether the same cookie is presented by different clients with different IP addresses. If an illegal user has spoofed a session-id cookie, it can send that cookie to the Web server to inject itself into the session the cookie represents. A Web script engine generates session-id cookies through some independent secret algorithm; if this process can be guessed or simulated, other client hosts can generate exactly the same cookies and launch session penetration invasions without any network spoofing in advance.

Precaution against session penetration invasion chiefly depends on reforming the Web script engine, including adding IP verification, which also eases the load of hand-written authentication code on programming staff. Detection of session penetration invasion requires some substantial probing of IDS composition rules. This paper thoroughly discusses the design and implementation of a typical session penetration IDS based on network spoofing; this section is also the main substance of the session security model research, which is made up of the analysis, precaution and detection of the invasions.
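The two countermeasures the abstract names, binding a session id to the client IP that created it in the script engine and an IDS rule that flags one session id presented from several source IPs, as an added illustration that is not code from the thesis. The session store, the log format and the log lines are constructed for this example.

```python
"""Session-id/IP binding (precaution) and a multi-IP session detector (detection)."""
import re
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    sid: str
    user: str
    client_ip: str


class SessionStore:
    """Server-side store that binds each session id to the IP it was issued to."""

    def __init__(self, bind_ip: bool = True):
        self.bind_ip = bind_ip          # False models an engine without IP verification
        self._sessions: dict[str, Session] = {}

    def create(self, user: str, client_ip: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable, unlike a simulable scheme
        self._sessions[sid] = Session(sid, user, client_ip)
        return sid

    def lookup(self, sid: str, client_ip: str):
        """Return the user for this cookie, or None if the cookie is unknown
        or is presented from a different IP than the one it was issued to."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self.bind_ip and s.client_ip != client_ip:
            return None                  # replayed (snooped) cookie rejected
        return s.user


# Constructed log format (hypothetical): "<client-ip> <path> sid=<session-id>"
LOG_RE = re.compile(r"^(?P<ip>\S+) \S+ sid=(?P<sid>\S+)")


def sessions_seen_from_multiple_ips(log_lines):
    """IDS rule: report every session id presented from more than one source IP."""
    seen: dict[str, set] = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen.setdefault(m["sid"], set()).add(m["ip"])
    return {sid: sorted(ips) for sid, ips in seen.items() if len(ips) > 1}


SAMPLE_LOG = [  # constructed sample access-log lines, not from the thesis
    "10.0.0.5 /account sid=abc123",
    "10.0.0.5 /orders sid=abc123",
    "10.0.0.9 /account sid=abc123",   # same cookie replayed from another host
    "10.0.0.7 /account sid=zzz999",
]
```

IP binding is the precaution the abstract proposes; in practice it also rejects legitimate clients whose address changes mid-session (NAT pools, mobile networks), so the detection rule is usually tuned with that in mind.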
Keywords/Search Tags: Cookie, Session, HTTP, Web, Internet Security, Penetration, Vulnerability, IDS