Detailedlikelihood: Mediumseverity: LowStable

CAPEC-332ICMP IP 'ID' Field Error Message Probe

Abstraction
Detailed
Status
Stable
Likelihood
Medium
Severity
Low

Description

An adversary sends a UDP datagram having an assigned value to its internet identification field (ID) to a closed port on a target to observe the manner in which this bit is echoed back in the ICMP error message. This allows the attacker to construct a fingerprint of specific OS behaviors. Metadata: detailed CAPEC pattern, status stable, likelihood medium, severity low. Underlying weakness: CWE-204. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-204

Related attack patterns· 1

CAPEC-312 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessObservable Response Discrepancycwe-204100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
IP 'ID' Echoed Byte-Order Probe
CAPEC
ICMP IP Total Length Field Probe
CAPEC
ICMP Error Message Echoing Integrity Probe
CAPEC
ICMP Error Message Quoting Probe
CAPEC
IP ID Sequencing Probe
CAPEC
ICMP Echo Request Ping
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.