Detailedlikelihood: Mediumseverity: LowStable

CAPEC-318IP 'ID' Echoed Byte-Order Probe

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
Low

Description

This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'ID' value from the probe packet. An attacker sends a UDP datagram with an arbitrary IP 'ID' value to a closed port on the remote host to observe the manner in which this bit is echoed back in the ICMP error message. The identification field (ID) is typically utilized for reassembling a fragmented packet. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within an ICMP error message.

Related weaknesses· 1

CWE-200

Related attack patterns· 1

CAPEC-312 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
ICMP IP 'ID' Field Error Message Probe
CAPEC
IP ID Sequencing Probe
CAPEC
IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC
TCP Sequence Number Probe
CAPEC
ICMP IP Total Length Field Probe
CAPEC
ICMP Error Message Echoing Integrity Probe
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.