Deceive, Detect, Engage

Phantom Network Traffic Generator

This element generates fake network traffic that mimics legitimate communication patterns, but leads to non-existent services or devices. This creates a confusing environment for attackers, making it difficult to distinguish between real and fake traffic.

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0016 Network Manipulation

Name of Element: Phantom Network Traffic Generator

Description of Element:

Technical Context:

Placement: At various points within the organization’s network, including internal segments and DMZs.

This element reinforces the principle of network segmentation and micro-perimeters, as attackers will encounter additional layers of deception while navigating the network.

Other:

Att&ck/Engage Mapping: Network Service Scanning (T1046) / Decoy Traffic (E1502) / Decoy Network (E1505)

Phantom Network Traffic Generator

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense