IP ID Sequencing Probe |
| Attack Pattern ID: 317 (Detailed Attack Pattern) | Typical Severity: Low | Status: Draft |
DescriptionSummary
This OS fingerprinting probe analyzes the IP 'ID' field sequence number generation algorithm of a remote host. Operating systems generate IP 'ID' numbers differently, allowing an attacker to identify the operating system of the host by examining how is assigns ID numbers when generating response packets. RFC 791 does not specify how ID numbers are chosen or their ranges, so ID sequence generation differs from implementation to implementation. There are two kinds of IP 'ID' sequence number analysis:
1. IP 'ID' Sequencing: Analyzing the IP 'ID' sequence generation algorithm for one protocol used by a host.
2. Shared IP 'ID' Sequencing: Analyzing the packet ordering via IP 'ID' values spanning multiple protocols, such as between ICMP and TCP.
Target Attack SurfaceTarget Attack Surface Description
Targeted OSI Layers: Network Layer
Target Attack Surface Localities
Target Attack Surface Types: Host
Target Functional Services
| Target Functional Service 1: None | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Protocol 1: ICMP | |||||||||||||||||||||
| |||||||||||||||||||||
Related Attack Patterns| Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
|---|---|---|---|---|---|
| ChildOf |  Attack Pattern | 314 | IP Fingerprinting Probes | Mechanism of Attack (primary)1000 |
References
