CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Oftentimes, adversaries will rely on remote applications that can be probed for system configurations.
Overview
CAPEC-580 (System Footprinting) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The adversary must have logical access to the target network and system.
Skills required
- Low skill: The adversary needs to know basic Linux commands.
Consequences
What a successful CAPEC-580 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-580.
- Keep patches up to date by installing them weekly, or daily if possible.
- Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.