CAPEC-594: Traffic Injection
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.
前提条件
- The target application must leverage an open communications channel.
- The channel on which the target communicates must be vulnerable to interception (e.g., adversary in the middle attack - CAPEC-94).
所需资源
- A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack.
后果影响
影响范围: Availability
技术影响: Unreliable Execution
说明: The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service.
影响范围: Integrity
技术影响: Other
说明: An adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.