CAPEC-313: Passive OS Fingerprinting

An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.

Low

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-313 (Passive OS Fingerprinting) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-313: Passive OS Fingerprinting

Overview

What the attacker needs

Prerequisites

Resources required

Consequences

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-313?

What weaknesses does CAPEC-313 target?

How severe is CAPEC-313?

References

Defend against CAPEC-313

Overview

What the attacker needs

Prerequisites

Resources required

Consequences

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-313?

What weaknesses does CAPEC-313 target?

How severe is CAPEC-313?

References

Defend against CAPEC-313