Detailedlikelihood: Mediumseverity: LowStable

CAPEC-331ICMP IP Total Length Field Probe

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
Low

Description

An adversary sends a UDP packet to a closed port on the target machine to solicit an IP Header's total length field value within the echoed 'Port Unreachable" error message. This type of behavior is useful for building a signature-base of operating system responses, particularly when error messages contain other types of information that is useful identifying specific operating system responses.

Related weaknesses· 1

CWE-204

Related attack patterns· 1

CAPEC-312 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessObservable Response Discrepancycwe-204100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
ICMP IP 'ID' Field Error Message Probe
CAPEC
ICMP Error Message Quoting Probe
CAPEC
ICMP Error Message Echoing Integrity Probe
CAPEC
IP 'ID' Echoed Byte-Order Probe
CAPEC
UDP Scan
CAPEC
ICMP Echo Request Ping
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.