CAPEC-323: TCP (ISN) Counter Rate Probe

This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.

Low

Typical severity

Per MITRE

Medium

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-323 (TCP (ISN) Counter Rate Probe) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-323: TCP (ISN) Counter Rate Probe

Overview

What the attacker needs

Prerequisites

Resources required

Consequences

Frequently asked questions

What is CAPEC-323?

What weaknesses does CAPEC-323 target?

How severe is CAPEC-323?

References

Defend against CAPEC-323

Overview

What the attacker needs

Prerequisites

Resources required

Consequences

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-323?

What weaknesses does CAPEC-323 target?

How severe is CAPEC-323?

References

Defend against CAPEC-323