CAPEC-298: UDP Ping

An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an 'ICMP port unreachable' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.

Low

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

CAPEC-298: UDP Ping

Overview

What the attacker needs

Prerequisites

Resources required

Consequences

How to mitigate it

Frequently asked questions

What is CAPEC-298?

How do you prevent CAPEC-298?

What weaknesses does CAPEC-298 target?

How severe is CAPEC-298?

References

Defend against CAPEC-298