CAPEC-323: TCP (ISN) Counter Rate Probe
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.
前提条件
- The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.
所需资源
后果影响
影响范围: Confidentiality
技术影响: Read Data
影响范围: Confidentiality Access Control Authorization
技术影响: Bypass Protection Mechanism