CAPEC-313: Passive OS Fingerprinting
An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.
Last updated
Overview
CAPEC-313 (Passive OS Fingerprinting) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The ability to monitor network communications.Access to at least one host, and the privileges to interface with the network interface card.
Resources required
- Any tool capable of monitoring network communications, like a packet sniffer (e.g., Wireshark)
Consequences
What a successful CAPEC-313 attack can achieve.
Read Data
Affects: Confidentiality
Hide Activities
Affects: Confidentiality, Access Control, Authorization
Terminology & mappings
Mapped taxonomies
- ATTACK: System Information Discovery (1082)
Frequently asked questions
Common questions about CAPEC-313.
- What is CAPEC-313?
- An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.
- What weaknesses does CAPEC-313 target?
- CAPEC-313 exploits 1 CWE weakness, including CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- How severe is CAPEC-313?
- MITRE rates CAPEC-313 as Low severity with high likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-313
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.