Esc

Network Traffic Filtering

D3-NTF

D3-NTF (Network Traffic Filtering)

Definition

Restricting network traffic originating from any location.

Artifact Relationships:

This defensive technique is related to specific artifacts. Click the artifact node for more information.

json

Technique Subclasses

There are 4 techniques in this category, Network Traffic Filtering.

Name	ID	Definition
Network Traffic Filtering	D3-NTF	Restricting network traffic originating from any location.
- Inbound Traffic Filtering	D3-ITF	Restricting network traffic originating from untrusted networks destined towards a private host or enclave.
- Email Filtering	D3-EF	Filtering incoming email traffic based on specific criteria.
- Outbound Traffic Filtering	D3-OTF	Restricting network traffic originating from a private host or enclave destined towards untrusted networks.

Related ATT&CK Techniques:

These mappings are inferred, experimental, and will improve as the knowledge graph grows.

These offensive techniques are determined related because of the way this defensive technique,, , , and .

Lateral Movement

Remote Services

Remote Desktop Protocol

SSH

Use Alternate Authentication Material

Application Access Token

Web Session Cookie

Exploitation of Remote Services

Internal Spearphishing

Remote Service Session Hijacking

Lateral Tool Transfer

Privilege Escalation

Account Manipulation

Additional Cloud Credentials

Event Triggered Execution

Accessibility Features

Windows Management Instrumentation Event Subscription

Command And Control

Remote Access Tools

Encrypted Channel

Symmetric Cryptography

Asymmetric Cryptography

Proxy

Data Obfuscation

Multi-Stage Channels

Fallback Channels

Data Encoding

Application Layer Protocol

DNS

Web Protocols

Mail Protocols

File Transfer Protocols

Dynamic Resolution

Traffic Signaling

Port Knocking

Web Service

Non-Application Layer Protocol

Ingress Tool Transfer

Protocol Tunneling

Non-Standard Port

Impact

Network Denial of Service

Reflection Amplification

Service Exhaustion Flood

Direct Network Flood

Endpoint Denial of Service

Service Exhaustion Flood

Data Manipulation

Transmitted Data Manipulation

Collection

Adversary-in-the-Middle

LLMNR/NBT-NS Poisoning and SMB Relay

DHCP Spoofing

Browser Session Hijacking

Email Collection

Local Email Collection

Discovery

Remote System Discovery

Persistence

Account Manipulation

Additional Cloud Credentials

Pre-OS Boot

TFTP Boot

BITS Jobs

Traffic Signaling

Port Knocking

Event Triggered Execution

Accessibility Features

Windows Management Instrumentation Event Subscription

Initial Access

Phishing

Spearphishing Attachment

Spearphishing Link

Exploit Public-Facing Application

Trusted Relationship

Drive-by Compromise

Execution

User Execution

Malicious Link

Windows Management Instrumentation

Credential Access

Adversary-in-the-Middle

LLMNR/NBT-NS Poisoning and SMB Relay

DHCP Spoofing

Brute Force

Credential Stuffing

Password Spraying

OS Credential Dumping

DCSync

Steal or Forge Kerberos Tickets

Kerberoasting

Defense Evasion

Use Alternate Authentication Material

Application Access Token

Web Session Cookie

Pre-OS Boot

TFTP Boot

Rogue Domain Controller

BITS Jobs

Traffic Signaling

Port Knocking

System Binary Proxy Execution

CMSTP

Exfiltration

Exfiltration Over Web Service

Exfiltration to Cloud Storage

Exfiltration to Code Repository

Automated Exfiltration

Exfiltration Over Alternative Protocol

Exfiltration Over Symmetric Encrypted Non-C2 Protocol

Exfiltration Over Unencrypted Non-C2 Protocol

Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Data Transfer Size Limits

Scheduled Transfer

Exfiltration Over C2 Channel

Exfiltration Over Other Network Medium

References

All

Patent

Internet Article

The following references were used to develop the Network Traffic Filtering knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Active firewall system and methodology

Reference Type: Patent Organization: McAfee LLC Author: Emilio Villa, Adrian Zidaritz, Michael David Varga, Gerhard Eschelbeck, Michael Kevin Jones, Mark James McArdle

Source:

https://patents.google.com/patent/US6550012B1

Automatically generating rules for connection security

Reference Type: Patent Organization: Microsoft Author: Charles D. Bassett; Eran Yariv; Ian M. Carbaugh; Lokesh Srinivas Koppolu; Maksim Noy; Sarah A. Wahlert; Pradeep Bahl

Source:

https://patents.google.com/patent/US20120054825