Maya followed the lab. Her exploit traffic—normally flagged as ET TROJAN Meterpreter —was wrapped in a malformed HTTP GET request with 47 identical X-Forwarded-For headers. The firewall's parser crashed silently (fallback to allow). The web server, written in Python, happily stripped the wrapping and executed the shellcode.
Next, she needed a foothold. A public web server sat on the DMZ. Instead of brute-forcing or vulnerability scanning (both IDS triggers), she browsed it like a normal user, then used HTTP parameter pollution —adding duplicate id parameters to a login form. The web server’s backend merged them in a way that bypassed authentication. The IDS saw only id=123 and id=456 . Normal traffic.
Maya’s skin prickled. Honeypots weren't just traps. They were misdirections. At 3:45 AM, the lecture ended. A final screen appeared: