CAPEC-314 - IP Fingerprinting Probes

An attacker engages in IP-based techniques for the purpose of fingerprinting operating systems on the network. By interrogating a particular IP stack implementation with IP segments that deviate from the ordinary or expected rules of RFC 791, an attacker can construct a fingerprint of unique behaviors for the target operating system. When this set of behaviors is analyzed against a database of known fingerprints, an attacker can make reliable inferences about the operating system type and version.

Severity

Likelihood

Confidentiality

Integrity

Availability

  • Scopes 2
  • "Varies by context"
  • Confidentiality
  • Hide activities
  • Bypass protection mechanism
  • Authorization
  • Access_Control
  • Confidentiality

The ability to send and receive TCP segments from a target in order to identify a particular TCP stack implementation.