Standardlikelihood: Highseverity: LowStable

CAPEC-313Passive OS Fingerprinting

Abstraction
Standard
Status
Stable
Likelihood
High
Severity
Low

Description

An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.

Related weaknesses· 1

CWE-200

MITRE ATT&CK crosswalk· 1

T1082: System Information Discovery

Related attack patterns· 1

CAPEC-224 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related to1

TypeTargetConfidenceTier
TechniqueSystem Information Discoveryt1082100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Active OS Fingerprinting
CAPEC
Fingerprinting
CAPEC
DEPRECATED: OS Fingerprinting
CAPEC
Process Footprinting
CAPEC
Application Fingerprinting
CAPEC
Sniffing Network Traffic
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.