Sniffing Information Sent Over Public/multicast Networks
Attack Pattern ID: 158 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker monitoring network traffic between nodes of a public or multicast network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. This differs from other sniffing attacks in that it is over a public network rather via some other communications channel, such as radio.

+ Attack Prerequisites

Any target that transmits readable data over a public or multicast network could be attacked in this way. Cryptographic techniques that render a data-stream unreadable can thwart this type of attack.

+ Resources Required

The attacker must be able to intercept the transmissions containing the data of interest. Depending on the network topology between the recipients, placement of listening equipment may be challenging (such as if both the sender and recipient are members of a single subnet and therefore the listener must also be attached to that subnet.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern157Sniffing Attacks 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern65Passively Sniff and Capture Application Code Bound for Authorized Client 
Mechanism of Attack (primary)1000