Hi,
My NIDS is reporting a lot of TCP Hijacks. I have a fault-tolerant hosting environment running transactional websites, and most of the source addresses are my webservers 1.1.1.x and the destination addresses are my SQL servers 1.1.2.x, with the odd destination being 0.0.0.0. There are also a few global addresses that at most trigger 8 Alarm Counts.
I've looked around and can't find much on this and the Cisco NSDb only states "The most common network event that may trigger this signature is an idle telnet session. The TCP Hijack attack is a low-probability, high level-of-effort event."
Can anyone shed more light on this?
Thanks in advance
Damian Coverly