CAPEC-313: Passive OS Fingerprinting
An adversary engages in activity to detect the version or type of OS software in an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.
Overview
CAPEC-313 (Passive OS Fingerprinting) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The ability to monitor network communications.
- Access to at least one host, and the privileges to interface with the network interface card.
Resources required
- Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)
Consequences
What a successful CAPEC-313 attack can achieve.
Read Data
Affects: Confidentiality
Hide Activities
Affects: Confidentiality, Access Control, Authorization