Detailedseverity: LowStable

CAPEC-299TCP SYN Ping

Abstraction
Detailed
Status
Stable
Severity
Low

Description

An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an incoming SYN "synchronize" packet by completing stage two of the 'three-way handshake' - by sending an SYN/ACK in response. When a port is closed, RFC 793 behavior is to respond with a RST "reset" packet. This behavior can be used to 'ping' a target to see if it is alive by sending a TCP SYN packet to a port and then looking for a RST or an ACK packet in response.

Related weaknesses· 1

CWE-200

Related attack patterns· 1

CAPEC-292 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
TCP ACK Ping
CAPEC
TCP SYN Scan
CAPEC
UDP Ping
CAPEC
TCP Flood
CAPEC
TCP Connect Scan
CAPEC
ICMP Echo Request Ping
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.