IP Fingerprinting Probes
Attack Pattern ID: 314 (Standard Attack Pattern)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker engages in IP-based techniques for the purpose of fingerprinting operating systems on the network. By interrogating a particular IP stack implementation with IP segments that deviate from the ordinary or expected rules of RFC 791, an attacker can construct a fingerprint of unique behaviors for the target operating system. When this set of behaviors is analyzed against a database of known fingerprints, an attacker can make reliable inferences about the operating system type and version.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Host

Target Functional Services

Target Functional Service 1: None
Protocol 1: ICMP
Related Protocol: Internet Control Messaging Protocol
Relationship Type
Uses Protocol
+ Attack Prerequisites

The ability to send and receive TCP segments from a target in order to identify a particular TCP stack implementation.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern312Active OS Fingerprinting 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern317IP ID Sequencing Probe 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern318IP 'ID' Echoed Byte-Order Probe 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern319IP (DF) 'Don't Fragment Bit' Echoing Probe 
Mechanism of Attack (primary)1000
+ References
Stuart McClure, Joel Scambray, George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.
Defense Advanced Research Projects Agency (DARPA). "RFC793 - Transmission Control Protocol". 1981. <http://www.faqs.org/rfcs/rfc793.html>.
Gordon "Fyordor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". 3rd "Zero Day" Edition, . Insecure.com LLC, ISBN:978-0-9799587-1-7. 2008.
Gordon "Fyordor" Lyon. "The Art of Port Scanning". Volume: 7, Issue. 51. Phrack Magazine. 1997. <http://nmap.org/p51-11.html>.
Back to top