encryption goes a long way to defeating both problems, unless the attacker modifies the data flowing both directions to become a man in the middle (including beating whatever crypto authentication mechanism is in place) the data injected into the session will just corrupt the dataflow, not do anything useful for the attacker
the only advantage this new attack has is that you can inject data without being in the middle of the connection, although you do somehow need to figure out the source port number of a connection.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds