CAPEC-326: TCP Initial Window Size Probe
This OS fingerprinting probe checks the initial TCP window size. TCP stacks limit the range of sequence numbers allowable within a session in order to maintain the "connected" state within TCP protocol logic. The initial window size specifies the range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Different operating systems use different initial window sizes, so the value can serve as a fingerprint. The initial window size can be sampled by establishing an ordinary TCP connection.
Overview
CAPEC-326 (TCP Initial Window Size Probe) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The ability to monitor and interact with network communications.
- Access to at least one host, and the privileges to interface with the network interface card.
Resources required
- A tool capable of sending and receiving packets from a remote system.
Consequences
What a successful CAPEC-326 attack can achieve.
- Read Data. Affects: Confidentiality.
- Bypass Protection Mechanism, Hide Activities. Affects: Confidentiality, Access Control, Authorization.