Discussion on the mode of traffic injection attack

Objective:

The goal of hacking is generally divided into two categories: one is to gain control of the system, remote monitoring or "command" your system, and the second is to steal your secret information, in the absence of completion of the target, hackers need "silent no Trace", the invasion of the secret, can not let the support found. Intrusion is not the same as attack, and intrusion is often the prophase work of attack.

Commonly used password-cracking, buffer overflow is the way of direct intrusion, traffic injection is the opportunity to get intrusion by inserting information into the traffic of your system. This way hidden in your normal network traffic, there is a strong concealment, can be inserted with a beautiful picture of the Trojan, Can be the normal selection button to start after the special code, can also induce your phishing links ...

The most common type of traffic injection attack is SQL injection, which, through your system's legitimate input window, uses programming query language vulnerabilities to inject the attacker's commands and, in addition, the current popular XPath injection.

Here is a direct hijacking of the user computer network traffic injection-type attack.

Step one: Get the flow control (get the middleman position)

Allows the user traffic flow through the hacker's controllable point, the hacker can inject own command information to the traffic. Therefore, the hijacking of user traffic is the first step in the traffic injection attack. Here are some common ways to:

Case one: Hackers and users on a local area network

1. Direct Control switch

If there are conditions, hackers can directly control the user's access switch (first intrusion network equipment or network management system), mirror the user's port traffic, if the control of the convergence switch, the user needs to filter out the entire flow of the Mac, and then restore analysis.