Dark Mode
Capec-322 Detail
TCP (ISN) Greatest Common Divisor Probe
Detailed Software Likelihood: Medium Typical Severity: Low
Parents: 312
Threats: T60 T80 T258 T288 T291 T302 T334 T392 T407
This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-322 | capec | https://capec.mitre.org/data/definitions/322.html | |
| CWE-200 | cwe | http://cwe.mitre.org/data/definitions/200.html | |
| REF-33 | reference_from_CAPEC | Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill | |
| REF-128 | reference_from_CAPEC | http://www.faqs.org/rfcs/rfc793.html | Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA) |
| REF-212 | reference_from_CAPEC | Gordon "Fyodor" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd "Zero Day" Edition,), 2008, Insecure.com LLC |
Not present
- The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card.
- A tool capable of sending and receiving packets from a remote system.
Not present
| Authorization | Access Control | Confidentiality |
|---|---|---|
| Bypass Protection Mechanism | Bypass Protection Mechanism | Read Data |
| Hide Activities | Hide Activities | Bypass Protection Mechanism |
| Hide Activities |
Not present