CAPEC-332: ICMP IP 'ID' Field Error Message Probe
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary sends a UDP datagram with an assigned value in its internet identification (ID) field to a closed port on a target and observes how this field is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors.
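The comparison described above can be checked on captured traffic from your own hosts to see what their ICMP errors reveal. The following is an added example, not part of the CAPEC entry; the function names, the result labels and the sample bytes are assumptions constructed for illustration.

```python
import struct

def quoted_ip_id(icmp_message: bytes) -> int:
    """Return the IP ID of the original datagram quoted in an ICMP Port Unreachable."""
    if len(icmp_message) < 8 + 20:
        raise ValueError("too short for an ICMP header plus a quoted IPv4 header")
    if (icmp_message[0], icmp_message[1]) != (3, 3):  # Type 3, Code 3
        raise ValueError("not an ICMP Port Unreachable message")
    quoted = icmp_message[8:]  # the quoted datagram follows the 8-byte ICMP header
    if quoted[0] >> 4 != 4:
        raise ValueError("quoted header is not IPv4")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header is malformed or truncated")
    return struct.unpack_from("!H", quoted, 4)[0]  # ID field sits at offset 4..5

def classify_echo(sent_id: int, icmp_message: bytes) -> str:
    """Compare the ID that was sent with the ID quoted in the error (labels are illustrative)."""
    echoed = quoted_ip_id(icmp_message)
    swapped = ((sent_id & 0xFF) << 8) | (sent_id >> 8)
    if echoed == sent_id:
        return "intact"  # also covers IDs whose two bytes are equal
    if echoed == swapped:
        return "byte-swapped"
    if echoed == 0:
        return "zeroed"
    return "altered"

def constructed_error(quoted_id: int) -> bytes:
    """Constructed sample: ICMP 3/3 quoting an IPv4 + UDP header (checksums left at 0)."""
    icmp = struct.pack("!BBHI", 3, 3, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, quoted_id, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return icmp + ip + udp

if __name__ == "__main__":
    for quoted in (0x1234, 0x3412, 0x0000, 0xBEEF):
        print(hex(quoted), classify_echo(0x1234, constructed_error(quoted)))
```

A host whose errors quote the ID unchanged gives no distinguishing signal on this field; any other result is a behavior that a fingerprinting tool can key on.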
Prerequisites
- The ability to monitor and interact with network communications. Access to at least one host, and the privileges to interface with the network interface card.
Resources Required
- A tool capable of sending UDP datagram packets from a remote system to a closed port and receiving an ICMP Error Message Type 3, "Port Unreachable."
Consequences
Scope: Confidentiality
Technical Impact: Read Data
Scope: Confidentiality, Access Control, Authorization
Technical Impact: Bypass Protection Mechanism