CAPEC-312 Detail

Active OS Fingerprinting

Standard Software Likelihood: Medium Typical Severity: Low

Parents: 224

Children: 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332

Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407

Description

An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a probe designed to solicit behavior that will reveal information about the operating systems or firmware in the environment. Operating system detection is possible because implementations of common protocols (such as IP or TCP) differ in distinct ways. While the implementation differences are not sufficient to 'break' compatibility with the protocol, they are detectable because the target will respond in unique ways to specific probing activity that breaks the semantic or logical rules of packet construction for a protocol. Different operating systems will have a unique response to the anomalous input, providing the basis to fingerprint the OS behavior. This type of OS fingerprinting can distinguish between operating system types and versions.
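A defender-side illustration of the point above, added here and not part of the CAPEC entry: because these probes break the logical rules of TCP packet construction, they can be flagged from the flag byte of the RFC 793 header alone. The rule set, the `min_kinds` threshold, and the sample packets (documentation-range addresses) are constructed assumptions.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six RFC 793 control bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F  # byte 13 carries the flags; mask off the ECN bits

def classify(flags: int):
    """Name the rule a flag combination breaks, or None if it is plausible."""
    if flags == 0:
        return "null"        # no control bit set at all
    if flags & SYN and flags & FIN:
        return "syn+fin"     # opens and closes in the same segment
    if flags & SYN and flags & RST:
        return "syn+rst"     # opens and aborts in the same segment
    if not flags & ACK and flags not in (SYN, RST):
        return "no-ack"      # only an initial SYN or a RST may omit ACK
    return None

def suspects(packets, min_kinds=2):
    """Map (src, dst) to the anomaly kinds seen, for pairs with >= min_kinds."""
    seen = defaultdict(set)
    for src, dst, header in packets:
        try:
            kind = classify(tcp_flags(header))
        except ValueError:
            kind = "truncated"
        if kind:
            seen[(src, dst)].add(kind)
    return {p: sorted(k) for p, k in seen.items() if len(k) >= min_kinds}

def _hdr(flags: int) -> bytes:
    """Build a 20-byte TCP header (constructed sample data, not a capture)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

SAMPLE = [  # constructed traffic: one normal client, one prober, one stray FIN
    ("192.0.2.10", "198.51.100.5", _hdr(SYN)),
    ("192.0.2.10", "198.51.100.5", _hdr(FIN | ACK)),
    ("203.0.113.7", "198.51.100.5", _hdr(0)),
    ("203.0.113.7", "198.51.100.5", _hdr(SYN | FIN)),
    ("203.0.113.7", "198.51.100.5", _hdr(FIN | PSH | URG)),
    ("203.0.113.9", "198.51.100.5", _hdr(FIN)),
]

if __name__ == "__main__":
    for pair, kinds in suspects(SAMPLE).items():
        print(pair, kinds)
```

Requiring several distinct anomaly kinds from one source keeps a single malformed segment from raising an alert while still catching a probe series.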

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-312 | capec | https://capec.mitre.org/data/definitions/312.html | |
| CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html | |
| T1082 | ATTACK | https://attack.mitre.org/wiki/Technique/T1082 | System Information Discovery |
| REF-33 | reference_from_CAPEC | | Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill |
| REF-128 | reference_from_CAPEC | http://www.faqs.org/rfcs/rfc793.html | Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981-09, Defense Advanced Research Projects Agency (DARPA) |
| REF-212 | reference_from_CAPEC | | Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition), 2008, Insecure.com LLC |
| REF-130 | reference_from_CAPEC | http://phrack.org/issues/51/11.html | Gordon "Fyodor" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997 |

  1. The ability to monitor and interact with network communications. Access to at least one host, and the privileges to interface with the network interface card.
  1. Any type of active probing that involves non-standard packet headers requires the use of raw sockets, which are not available on particular operating systems (Microsoft Windows XP SP 2, for example). Raw socket manipulation on Unix/Linux requires root privileges. A tool capable of sending and receiving packets from a remote system.

Authorization Access Control Confidentiality
Hide Activities Hide Activities Read Data
Hide Activities
