Detailedlikelihood: Mediumseverity: LowStable

CAPEC-319IP (DF) 'Don't Fragment Bit' Echoing Probe

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
Low

Description

This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the 'DF' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.

Related weaknesses· 1

CWE-200

Related attack patterns· 1

CAPEC-312 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
IP 'ID' Echoed Byte-Order Probe
CAPEC
ICMP IP 'ID' Field Error Message Probe
CAPEC
ICMP IP Total Length Field Probe
CAPEC
TCP 'RST' Flag Checksum Probe
CAPEC
TCP Congestion Control Flag (ECN) Probe
CAPEC
TCP Sequence Number Probe
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.