T 5.26 Analysis of the message flow

By a traffic flow analysis, an attacker tries to find out who sent what data volumes to whom.at what time and how often. Even if an eavesdropper cannot read the contents of the message, it is possible to draw conclusions about the behaviour of users. The information regarding the date and time a message is created can be analysed to a personality profile of the sender. Address collectors from address companies also search for e-mail and postal addresses to which unsolicited advertising can be sent.

Within ISDN (Integrated Services Digital Network), the D-channel of a connection, used for signalling between terminal devices and the exchange, is particularly vulnerable to intrusions. An analysis of the signalling by a protocol sniffer not only allows the drawing of conclusions about the behaviour of a user (e.g. who phones when, to whom, and for how long?), but also can be used to prepare more complex attacks via the D-channel.

© Federal Office for Information Security. All rights reserved.