See:
· http://en.wikipedia.org/wiki/Replay_attack

An attack that consists of capturing a valid data transmission and replaying it
later. It is a typical attack for capturing valid authentication sequences and
replaying them afterwards so that the attacker obtains the same access rights.

An attack in which the Attacker is able to replay previously captured messages
(between a legitimate Claimant and a Verifier) to masquerade as that Claimant to
the Verifier or vice versa. [NIST-SP800-63:2013]

An attack that involves the capture of transmitted authentication or access
control information and its subsequent retransmission with the intent of
producing an unauthorized effect or gaining unauthorized access.
[CNSSI_4009:2010]

(I) An attack in which a valid data transmission is maliciously or fraudulently
repeated, either by the originator or by a third party who intercepts the data
and retransmits it, possibly as part of a masquerade attack. (See: active
wiretapping, fresh, liveness, nonce. Compare: indirect attack, reflection
attack.) [RFC949:2007]

Where dialogue between the authentication system and main system is intercepted
and replayed into the main system by an attacker at a later date. This includes
for instance an attacker connecting a PC that appears to perform a password
hashing function but in fact merely transmits a previously intercepted hash
value.

A replay attack is a form of network attack in which a valid data transmission
is maliciously or fraudulently repeated or delayed. This is carried out either
by the originator or by an adversary who intercepts the data and retransmits it,
possibly as part of a masquerade attack by IP packet substitution (such as
stream cipher attack).
http://en.wikipedia.org/wiki/Replay_attack
Related topics