Ver:
·
http://en.wikipedia.org/wiki/Replay_attack
Ataque
consistente en capturar una transmisión de datos correcta y reproducirla
posteriormente. Es un ataque típico para capturar secuencias de autenticación
correctas y reproducirlas luego para que el atacante logre los mismos derechos
de acceso.
An attack in which the
Attacker is able to replay previously captured messages (between a legitimate
Claimant and a Verifier) to masquerade as that Claimant to the Verifier or vice
versa.[NIST-SP800-63:2013]
An attack that involves the
capture of transmitted authentication or access control information and its
subsequent retransmission with the intent of producing an unauthorized effect
or gaining unauthorized access. [CNSSI_4009:2010]
(I) An attack in which a
valid data transmission is maliciously or fraudulently repeated, either by the
originator or by a third party who intercepts the data and retransmits it,
possibly as part of a masquerade attack. (See: active wiretapping, fresh,
liveness, nonce. Compare: indirect attack, reflection attack.) [RFC949:2007]
Where dialogue between the
authentication system and main system is intercepted and replayed into the main
system by an attacker at a later date. This includes for instance an attacker
connecting a PC that appears to perform a password hashing function but in fact
merely transmits a previously intercepted hash value.
A replay attack is a form of
network attack in which a valid data transmission is maliciously or
fraudulently repeated or delayed. This is carried out either by the originator
or by an adversary who intercepts the data and retransmits it, possibly as part
of a masquerade attack by IP packet substitution (such as stream cipher
attack).
http://en.wikipedia.org/wiki/Replay_attack