Detailedlikelihood: Mediumseverity: LowStable

CAPEC-322TCP (ISN) Greatest Common Divisor Probe

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
Low

Description

This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.

Related weaknesses· 1

CWE-200

Related attack patterns· 1

CAPEC-312 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessExposure of Sensitive Information to an Unauthorized Actorcwe-200100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
TCP (ISN) Counter Rate Probe
CAPEC
TCP Sequence Number Probe
CAPEC
TCP (ISN) Sequence Predictability Probe
CAPEC
IP ID Sequencing Probe
CAPEC
TCP Initial Window Size Probe
CAPEC
IP 'ID' Echoed Byte-Order Probe
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.