CAPEC-293: Traceroute Route Enumeration
An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.
Last updated
Overview
CAPEC-293 (Traceroute Route Enumeration) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- A network capable of routing the attackers' packets to the destination network.
Resources required
- A command line version of traceroute or similar tool that performs route enumeration.
Consequences
What a successful CAPEC-293 attack can achieve.
Other
Affects: Confidentiality
Frequently asked questions
Common questions about CAPEC-293.
- What is CAPEC-293?
- An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.
- What weaknesses does CAPEC-293 target?
- CAPEC-293 exploits 1 CWE weakness, including CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How severe is CAPEC-293?
- MITRE rates CAPEC-293 as Low severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-293
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.