Packet injection explained

Packet injection (also known as forging packets or spoofing packets) in computer networking, is the process of interfering with an established network connection by means of constructing packets to appear as if they are part of the normal communication stream. The packet injection process allows an unknown third party to disrupt or intercept packets from the consenting parties that are communicating, which can lead to degradation or blockage of users' ability to utilize certain network services or protocols. Packet injection is commonly used in man-in-the-middle attacks and denial-of-service attacks.

Capabilities

By utilizing raw sockets, NDIS function calls, or direct access to a network adapter kernel mode driver, arbitrary packets can be constructed and injected into a computer network. These arbitrary packets can be constructed from any type of packet protocol (ICMP, TCP, UDP, and others) since there is full control over the packet header while the packet is being assembled.

General procedure

Uses

Packet injection has been used for:

Detecting packet injection

Through the process of running a packet analyzer or packet sniffer on both network service access points trying to establish communication, the results can be compared. If point A has no record of sending certain packets that show up in the log at point B, and vice versa, then the packet log inconsistencies show that those packets have been forged and injected by an intermediary access point. Usually TCP resets are sent to both access points to disrupt communication.[2] [3] [4]

Software

See also

External links

References

  1. Book: Gu . Qijun . Liu . Peng . Zhu . Sencun . Chu . Chao-Hsien . GLOBECOM '05. IEEE Global Telecommunications Conference, 2005 . Defending against packet injection attacks unreliable ad hoc networks . November 2005 . 3 . 5 pp.– . 10.1109/GLOCOM.2005.1577966 . 0-7803-9414-3 . 6631918 . http://s2.ist.psu.edu/paper/cross-TR.pdf . en . 1930-529X.
  2. Web site: Packet Forgery by ISPs: A Report on the Comcast Affair. 28 November 2007.
  3. Web site: Detecting packet injection: A guide to observing packet spoofing by ISPs. 27 November 2007.
  4. Detecting forged TCP reset packets . Weaver. Nicolas . Sommer . Robin . Paxson . Vern . September 2009 . San Diego, California, USA . Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, 8th February - 11th February 2009.