TCP/IP Fingerprinting Probes
Attack Pattern ID: 315 (Standard Attack Pattern)
Typical Severity: Low
Status: Draft
+ Description

Summary

An attacker engages in TCP stack fingerprinting techniques to determine the type and version of operating systems on the network. TCP Fingerprinting involves manipulating portions of the TCP header or other characteristics in order to elicit a unique and identifiable response from an operating system. This response is compared against a database of known operating system fingerprints and a guess about the operating system type and version is made.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer, Transport Layer, Application Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Host, Service

Target Functional Services

Target Functional Service 1: None
Protocol 1: Any
Related Protocol: Internet Protocol
Relationship Type: Uses Protocol
Related Protocol: User Datagram Protocol
Relationship Type: Uses Protocol
Related Protocol: Internet Control Messaging Protocol
Relationship Type: Uses Protocol
Related Protocol: Transmission Control Protocol
Relationship Type: Uses Protocol
+ Attack Prerequisites

The ability to send and receive TCP segments from a target in order to identify a particular TCP stack implementation.

+ Related Attack Patterns
Nature    Type            ID   Name                                        View(s) this relationship pertains to
ChildOf   Attack Pattern  312  Active OS Fingerprinting                    Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  320  TCP Timestamp Probe                         Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  321  TCP Sequence Number Probe                   Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  322  TCP (ISN) Greatest Common Divisor Probe     Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  323  TCP (ISN) Counter Rate Probe                Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  324  TCP (ISN) Sequence Predictability Probe     Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  325  TCP Congestion Control Flag (ECN) Probe     Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  326  TCP Initial Window Size Probe               Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  327  TCP Options Probe                           Mechanism of Attack (primary), 1000
ParentOf  Attack Pattern  328  TCP 'RST' Flag Checksum Probe               Mechanism of Attack (primary), 1000