CAPEC-313 Detail

Passive OS Fingerprinting

Abstraction: Standard
Domain: Software
Likelihood of Attack: High
Typical Severity: Low

Parents: 224

Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407

Description

An adversary engages in activity to detect the version or type of OS software in an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.

External ID | Source | Link | Description
CAPEC-313 | capec | https://capec.mitre.org/data/definitions/313.html |
CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html |
T1082 | ATTACK | https://attack.mitre.org/wiki/Technique/T1082 | System Information Discovery
REF-33 | reference_from_CAPEC | | Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), McGraw Hill, 2009
REF-128 | reference_from_CAPEC | http://www.faqs.org/rfcs/rfc793.html | Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute, University of Southern California, RFC 793 - Transmission Control Protocol, Defense Advanced Research Projects Agency (DARPA), 1981-09
REF-212 | reference_from_CAPEC | | Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition), Insecure.com LLC, 2008
REF-130 | reference_from_CAPEC | http://phrack.org/issues/51/11.html | Gordon "Fyodor" Lyon, The Art of Port Scanning, Phrack Magazine, Volume 7, Issue 51, 1997

Prerequisites

  1. The ability to monitor network communications.
  2. Access to at least one host, and the privileges to interface with the network interface card.

Resources Required

  1. Any tool capable of monitoring network communications, such as a packet sniffer (e.g., Wireshark).

Consequences

Scope | Impact
Authorization | Hide Activities
Access Control | Hide Activities
Confidentiality | Read Data, Hide Activities
