CAPEC-331: ICMP IP Total Length Field Probe
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary sends a UDP packet to a closed port on the target machine to solicit the IP header's total length field value within the echoed "Port Unreachable" error message. This type of behavior is useful for building a signature base of operating system responses, particularly when error messages contain other types of information that are useful for identifying specific operating system responses.
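The field in question sits in the IP header that the ICMP error quotes back, so a defender can check what a host they operate echoes by parsing a captured "Port Unreachable" message. The following is an added example, not part of the CAPEC entry: the function names, addresses, ports and both sample messages are constructed for illustration, and the altered value is not attributed to any particular operating system.

```python
import struct

ICMP_HDR_LEN = 8  # type, code, checksum, 4 unused bytes

def ipv4_header(total_length, proto, src, dst):
    """Constructed 20-byte IPv4 header (checksum left at 0, sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def port_unreachable(quoted_ip_header, quoted_udp_header):
    """Constructed ICMP type 3 / code 3 message quoting the offending datagram."""
    return struct.pack("!BBHI", 3, 3, 0, 0) + quoted_ip_header + quoted_udp_header

def echoed_total_length(icmp_msg):
    """Return the Total Length field of the IPv4 header quoted in the error."""
    if len(icmp_msg) < ICMP_HDR_LEN + 20:
        raise ValueError("too short for an ICMP header plus a quoted IPv4 header")
    if (icmp_msg[0], icmp_msg[1]) != (3, 3):
        raise ValueError("not a Destination Unreachable / Port Unreachable message")
    quoted = icmp_msg[ICMP_HDR_LEN:]
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header is malformed")
    return struct.unpack("!H", quoted[2:4])[0]  # bytes 2-3: Total Length

def compare(sent_total_length, icmp_msg):
    """Compare the echoed Total Length with the value that was actually sent."""
    echoed = echoed_total_length(icmp_msg)
    return {"sent": sent_total_length, "echoed": echoed,
            "delta": echoed - sent_total_length,
            "unchanged": echoed == sent_total_length}

# Constructed samples: a UDP datagram (8-byte header + 20-byte payload) sent to a
# closed port, and two possible errors quoting it back.
PROBER, TARGET = (192, 0, 2, 10), (192, 0, 2, 20)
UDP_HDR = struct.pack("!HHHH", 40000, 33434, 28, 0)
SENT_TOTAL_LENGTH = 20 + 28  # IPv4 header + UDP length
ECHO_UNCHANGED = port_unreachable(ipv4_header(48, 17, PROBER, TARGET), UDP_HDR)
ECHO_ALTERED = port_unreachable(ipv4_header(28, 17, PROBER, TARGET), UDP_HDR)

if __name__ == "__main__":
    for name, msg in (("unchanged", ECHO_UNCHANGED), ("altered", ECHO_ALTERED)):
        print(name, compare(SENT_TOTAL_LENGTH, msg))
```

A non-zero `delta` means the responding stack rewrote the field before quoting it, which is the kind of stack-specific difference the description refers to.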
Prerequisites
- The ability to monitor and interact with network communications. Access to at least one host, and the privileges to interface with the network interface card.
Resources Required
- A tool capable of sending UDP datagram packets from a remote system to a closed port and receiving an ICMP Error Message Type 3, "Port Unreachable."
Consequences
Scope: Confidentiality
Technical Impact: Read Data
Scope: Confidentiality, Access Control, Authorization
Technical Impact: Bypass Protection Mechanism