Kev - thanks for your input - I have done session hijack in lab on my ceh course but not on ssl -
i have a ssl vpn deployed and am unsure if i should be concerned about users accesing it from public wifi spots that i have no control over

i am now not sure wether wireless makes any difference to the ssl encryption.

although i suppose if can compromise the wireless n/w then session hijack is easier than doing it for a users coming over dial up - as that would have to be done blind as you can't get the packets back - source based routing won't work.
which leaves me coming back to - is it even possible

thanks jimbob, i guess the question I have is -

 is it possible to do a session hijack on an ssl vpn -

 does the fact that its runs over wireless make any difference.

A question i get asked and i always say don't use wep but -
if a vpn using ssh or even a shopping site using ssh goes over an insecure wirless network either unecrypyted or using wep - is this an issue ?
i know you can sniff it - but its encrypted can you perform a session hijack ? How do you see the ipid's ? is there an issue still with wireles access to a https session

can anyone recommend which exam prep's to buy for the CEH

have a 5 day course and exam coming up and have ceh official books plus exam prep

which should i buy testking / bosun / prep logic ? or not at all ?

thanks....

I have a 5 day course next week and have been studying for about 2 months - with ec council official courseware manual and exam prep

Can anyone recommend buying testking or others - seen several mentioned on this forum ?

rgds