Dark Mode

Settings

Capec-321 Detail

TCP Sequence Number Probe

Detailed Software Likelihood: Medium Typical Severity: Low

Parents: 312

Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407

Description

This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows: 1) the Sequence Number generated by the target is Zero, 2) the Sequence Number generated by the target is the same as the acknowledgement number in the probe, 3) the Sequence Number generated by the target is the acknowledgement number plus one, or 4) the Sequence Number is any other non- zero number.

Not present

External ID Source Link Description
CAPEC-321 capec https://capec.mitre.org/data/definitions/321.html
CWE-200 cwe http://cwe.mitre.org/data/definitions/200.html
REF-33 reference_from_CAPEC Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill
REF-128 reference_from_CAPEC http://www.faqs.org/rfcs/rfc793.html Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)
REF-212 reference_from_CAPEC Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition,), 2008, Insecure.com LLC

Not present

  1. The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.
  1. A tool capable of sending and receiving packets from a remote system.

Not present

Authorization Access Control Confidentiality
Bypass Protection Mechanism Bypass Protection Mechanism Read Data
Hide Activities Hide Activities Bypass Protection Mechanism
Hide Activities

Not present

We use cookies to ensure you get the best experience on our website.