A type of attack where an intruder takes control of an existing communication session between a server and a legitimate user who has connected and authenticated with the server. The intruder can monitor the session passively recording the transfer of sensitive information such as passwords and code. Another type of hijacking involves an active attack done by forcing the user offline (with a Denial of Service attack) and taking over the session. The intruder begins acting like the user, executing commands, and sending information to the server.