• source quench

• echo-reply

echo

• unreachable

• Someone inadvertently clicks on a hidden iFrame.

• Encrypted data is decrypted.

An email can be used to bring malware to a host.

• It can be used to encode stolen data and send to a threat actor.

Bitcoin

BitTorrent

• Wireshark

• Darknet

• Snort

HTTP

• ARP

• DHCP

• DNS

• UDP infiltration

ICMP tunneling

• HTTPS traffic encryption

• iFrame injection

• HTTPS dynamically changes the port number on the web server.

• HTTPS uses tunneling technology for confidentiality.

• HTTPS hides the true source IP address using NAT/PAT.

HTTPS conceals data traffic through end-to-end encryption.

• Use a Linux-based server.

Use syslog-ng.

• Create an ACL that permits only TCP traffic to the syslog server.

• Use a VPN between a syslog client and the syslog server.