Home > CAPEC List > CAPEC-594: Traffic Injection (Version 2.11)  

CAPEC-594: Traffic Injection

 
Traffic Injection
Definition in a New Window Definition in a New Window
Attack Pattern ID: 594
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary injects traffic into the target's network connection. The adversary is therefore able to degrade or disrupt the connection, and potentially modify the content. This is not a flooding attack, as the adversary is not focusing on exhausting resources. Instead, the adversary is crafting a specific input to affect the system in a particular way.

+ Attack Prerequisites
  • The target application must leverage an open communications channel.

  • The channel on which the target communicates must be vulnerable to interception (e.g., man in the middle attack).

+ Resources Required

A tool, such as a MITM Proxy, that is capable of generating and injecting custom inputs to be used in the attack.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Availability
DoS: crash / exit / restart
The injection of specific content into a connection can trigger a disruption in that communications channel, thereby denying availability of the service.
Integrity
Other
An adversary's injection of additional content into a communication channel negatively impacts the integrity of that channel.
+ Content History
Submissions
SubmitterDateSource
Seamus Tuohy2017-01-03External_Submission
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Resources_RequiredInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017