Dark Mode
Capec-319 Detail
IP (DF) 'Don't Fragment Bit' Echoing Probe
Detailed Software Likelihood: Medium Typical Severity: Low
Parents: 312
Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407
This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the 'DF' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-319 | capec | https://capec.mitre.org/data/definitions/319.html | |
| CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html | |
| REF-33 | reference_from_CAPEC | Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill | |
| REF-128 | reference_from_CAPEC | http://www.faqs.org/rfcs/rfc793.html | Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA) |
| REF-212 | reference_from_CAPEC | Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition,), 2008, Insecure.com LLC | |
| REF-130 | reference_from_CAPEC | http://phrack.org/issues/51/11.html | Gordon "Fyodor" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997 |
Not present
Not present
Not present
Not present
| Authorization | Access Control | Confidentiality |
|---|---|---|
| Bypass Protection Mechanism | Bypass Protection Mechanism | Read Data |
| Hide Activities | Hide Activities | Bypass Protection Mechanism |
| Hide Activities |
Not present