CAPEC-322: TCP (ISN) Greatest Common Divisor Probe

攻击模式描述

This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.

前提条件

• The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.

所需资源

• A tool capable of sending and receiving packets from a remote system.

后果影响