An attacker monitors data streams to or from a target in order to gather
information. This attack may be undertaken to gather information to support
a later attack, or the data collected may be the end goal of the attack. This
attack usually involves sniffing network traffic, but may include observing
other types of data streams, such as radio. In most varieties of this
attack, the attacker is passive and simply observes regular communication;
in some variants, however, the attacker may attempt to initiate the
establishment of a data stream or influence the nature of the data
transmitted. In all variants of this attack, and distinguishing
this attack from other data collection methods, the attacker is not the
intended recipient of the data stream. Unlike some other data leakage
attacks, the attacker is observing explicit data channels (e.g. network
traffic) and reading the content. This differs from attacks that collect
more qualitative information, such as communication volume, or other
information not explicitly communicated via a data stream.

Attack Prerequisites
Any target that transmits information over a network is potentially
vulnerable to this attack.

Resources Required
The attacker must have the necessary technology to intercept information
passing between the nodes of a network. For TCP/IP, the capability to run
tcpdump, ethereal, etc. can be useful. The technological requirements
change depending upon the data being targeted.

Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.