CAPEC-117: Interception (Version 2.10)

Attack Pattern ID: 117
Abstraction: Meta
Status: Stable
Completeness: Complete
+ Summary

An adversary monitors data streams to or from a target in order to gather information. This attack may be undertaken to gather information to support a later attack, or the data collected may be the end goal of the attack. This attack usually involves sniffing network traffic, but may include observing other types of data streams, such as radio. In most varieties of this attack, the attacker is passive and simply observes regular communication; in some variants, however, the attacker may attempt to initiate the establishment of a data stream or influence the nature of the data transmitted. In all variants of this attack, the attacker is not the intended recipient of the data stream, which distinguishes it from other data collection methods. Unlike some other data leakage attacks, the attacker is observing explicit data channels (e.g. network traffic) and reading the content. This differs from attacks that collect more qualitative information, such as communication volume, or other information not explicitly communicated via a data stream.

+ Attack Prerequisites
  • For an interception attack to be possible, the target must be transmitting data over a medium that is accessible to the adversary. Any target that transmits information over a public network is potentially vulnerable to this type of attack.

+ Typical Severity

Medium

+ Typical Likelihood of Exploit

Likelihood: Low

+ Resources Required

The attacker must have the necessary technology to intercept information passing between the nodes of a network. For TCP/IP, the capability to run tcpdump, Ethereal, etc. can be useful. The technological requirements change depending upon the data being targeted.

+ Solutions and Mitigations

Leverage encryption to protect data in transit, making it accessible only to authorized parties.

+ Attack Motivation-Consequences

| Scope | Technical Impact | Note |
|---|---|---|
| Confidentiality | Read application data | |

+ Content History

Submissions

| Submitter | Organization | Date | Source |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team |

Modifications

| Modifier | Organization | Date | Comments | Source |
|---|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | 2017-05-01 | Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit | Internal |

Page Last Updated or Reviewed: May 01, 2017