CAPEC-481 Detail
Contradictory Destinations in Traffic Routing Schemes
Abstraction: Standard
Domains: Communications, Software
Likelihood of Attack: Medium
Typical Severity: High
Parents: CAPEC-161
Threats: T68 T274 T276 T297 T393 T395
Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.
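The description above turns on one observable: a TLS SNI value that disagrees with the HTTP Host header (or an SNI that is absent while a Host header is present). The following is an added example, not part of the CAPEC entry, showing how a defender could flag both variants from a proxy or TLS-inspection log. It assumes a constructed JSON-lines log format with `src`, `sni` and `host` fields; the field names and the sample records are inventions for the example.

```python
"""Flag SNI/Host mismatches (domain fronting) in TLS-inspecting proxy logs.

Added example for CAPEC-481; not code from CAPEC or MITRE. Assumes a proxy
that records, per request, the TLS SNI and the HTTP Host header as JSON
lines with the constructed fields "src", "sni" and "host".
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass
class Finding:
    src: str
    sni: str
    host: str
    kind: str  # "domain_fronting" or "domainless_fronting"


def normalize(name: str) -> str:
    """Lower-case a host name, drop a trailing dot and an explicit port.

    A bare ':port' suffix is stripped; bracketed IPv6 literals are not
    expected in SNI/Host values for this example and are left untouched.
    """
    name = name.strip().lower()
    if name and not name.startswith("["):
        name = name.split(":", 1)[0]
    return name.rstrip(".")


def classify(sni: str, host: str) -> Optional[str]:
    """Return the fronting variant a record matches, or None if consistent."""
    sni_n, host_n = normalize(sni), normalize(host)
    if not host_n:
        return None  # no HTTP-layer destination to compare against
    if not sni_n:
        return "domainless_fronting"  # Host present, SNI left blank
    if sni_n != host_n:
        return "domain_fronting"  # TLS and HTTP layers name different hosts
    return None


def analyze(lines: Iterable[str]) -> List[Finding]:
    """Parse JSON log lines and collect every SNI/Host inconsistency."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        sni = rec.get("sni", "") or ""
        host = rec.get("host", "") or ""
        kind = classify(sni, host)
        if kind is not None:
            findings.append(Finding(rec.get("src", "?"), sni, host, kind))
    return findings


# Constructed sample records: one consistent, one case/port-only difference,
# one classic domain fronting, one domainless fronting.
SAMPLE_LOG = [
    '{"src": "10.0.0.5", "sni": "cdn.example.net", "host": "cdn.example.net"}',
    '{"src": "10.0.0.6", "sni": "site.example.org", "host": "SITE.example.org:443"}',
    '{"src": "10.0.0.7", "sni": "allowed.example.net", "host": "hidden.example.net"}',
    '{"src": "10.0.0.8", "sni": "", "host": "hidden.example.net"}',
]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.src}: {f.kind} (sni={f.sni!r} host={f.host!r})")
```

Only the third and fourth records are reported; case and an explicit port are normalized away so that ordinary traffic does not produce noise. In a real deployment the comparison would also need an allowlist for CDN setups that legitimately serve several names behind one certificate, which is exactly the property the pattern exploits, so the mismatch is a signal to investigate rather than proof of abuse.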
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-481 | capec | https://capec.mitre.org/data/definitions/481.html | |
| CWE-923 | cwe | http://cwe.mitre.org/data/definitions/923.html | |
| T1090.004 | ATTACK | https://attack.mitre.org/wiki/Technique/T1090/004 | Proxy:Domain Fronting |
- An adversary must be aware that their message will be routed using a CDN, and that both of the contradictory domains are served from that CDN.
- If the purpose of the Domain Fronting is to hide redirected C2 traffic, the C2 server must have been created in the CDN.
| Skill Level | Description |
|---|---|
| Medium | The adversary must have some knowledge of how messages are routed. |
| Confidentiality |
|---|
| Read Data |
| Modify Data |