Detailedseverity: LowStable

CAPEC-298UDP Ping

Abstraction
Detailed
Status
Stable
Severity
Low

Description

An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an 'ICMP port unreachable' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.

Related weaknesses· 1

CWE-200

Related attack patterns· 1

CAPEC-292 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
UDP Scan
CAPEC
TCP ACK Ping
CAPEC
ICMP Echo Request Ping
CAPEC
UDP Flood
CAPEC
TCP SYN Ping
CAPEC
Host Discovery
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.