CAPEC-313: Passive OS Fingerprinting

Standard Stable Severity: Low Likelihood of Attack: High

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

An adversary engages in activity to detect the version or type of OS software in an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.
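The signature comparison described above, sketched as an added example (not part of the CAPEC entry) to show which SYN header fields a passive sensor can read, as in passive asset inventory. The signature table, the function names and the sample packets are constructed assumptions and are much simpler than a real signature database.

```python
import struct

# Illustrative signatures (assumption, heavily simplified): initial TTL plus the
# order of TCP option kinds in a SYN. Real signature databases use more fields.
SIGNATURES = {
    (64, (2, 4, 8, 1, 3)): "Linux-like",
    (128, (2, 1, 3, 1, 1, 4)): "Windows-like",
}

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)

def tcp_option_kinds(opts):
    """Return option kinds in order, or None on a malformed length."""
    kinds, i = [], 0
    while i < len(opts) and opts[i] != 0:       # kind 0 = end of option list
        # NOP (kind 1) is one byte; every other option carries a length byte
        size = 1 if opts[i] == 1 else (opts[i + 1] if i + 1 < len(opts) else 0)
        if (opts[i] != 1 and size < 2) or i + size > len(opts):
            return None
        kinds.append(opts[i])
        i += size
    return tuple(kinds)

def classify_syn(packet):
    """Classify one raw IPv4 packet; None if it is not a usable TCP SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    if (tcp[13] & 0x12) != 0x02 or data_off < 20 or len(tcp) < data_off:
        return None                             # need SYN set and ACK clear
    kinds = tcp_option_kinds(tcp[20:data_off])  # None (malformed) -> "unknown"
    return SIGNATURES.get((initial_ttl(packet[8]), kinds), "unknown")

def sample_syn(ttl, options):
    """Build a constructed IPv4+TCP SYN (checksums left zero) for the demo."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(options), 0, 0, ttl, 6,
                     0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0,
                      (5 + len(options) // 4) << 4, 0x02, 64240, 0, 0)
    return ip + tcp + options

LINUX_OPTS = bytes.fromhex("020405b40402080a000000010000000001030307")
WINDOWS_OPTS = bytes.fromhex("020405b40103030801010402")
```

Because these fields are set by the sender's network stack, a host that normalizes TTL and TCP options at its egress (or sits behind a proxy) presents the proxy's values rather than its own.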

Prerequisites

  • The ability to monitor network communications.
  • Access to at least one host, and the privileges to interface with the network interface card.

Resources Required

  • Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)

Consequences

Scope: Confidentiality

Technical Impact: Read Data

Scope: Confidentiality, Access Control, Authorization

Technical Impact: Hide Activities

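Taxonomy Mappings

Taxonomy Name    Entry ID    Entry Name
ATTACK           1082        System Information Discovery

Key Information

CAPEC ID: CAPEC-313

Abstraction: Standard

Status: Stable

Typical Severity: Low

Likelihood of Attack: High

Related Attack Patterns
Related CWE Weaknesses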