CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.
Last updated
Overview
CAPEC-580 (System Footprinting) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have logical access to the target network and system.
Skills required
- Low skill: The adversary needs to know basic linux commands.
Consequences
What a successful CAPEC-580 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-580.
- Keep patches up to date by installing weekly or daily if possible.
- Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
Terminology & mappings
Mapped taxonomies
- ATTACK: System Information Discovery (1082)
Frequently asked questions
Common questions about CAPEC-580.
- What is CAPEC-580?
- An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.
- How do you prevent CAPEC-580?
- Keep patches up to date by installing weekly or daily if possible.
- What weaknesses does CAPEC-580 target?
- CAPEC-580 exploits 3 CWE weaknesses, including CWE-204 (Observable Response Discrepancy), CWE-205 (Observable Behavioral Discrepancy), CWE-208 (Observable Timing Discrepancy).
- How severe is CAPEC-580?
- MITRE rates CAPEC-580 as Low severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-580
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.