TCP Sequence Number Probe |
| Attack Pattern ID: 321 (Detailed Attack Pattern) | Typical Severity: Low | Status: Draft |
DescriptionSummary
This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows:
1. The Sequence Number generated by the target is Zero.
2. The Sequence Number generated by the target is the same as the acknowledgement number in the probe
3. The Sequence Number generated by the target is the acknowledgement number plus one
3. The Sequence Number is any other non-zero number.
Target Attack SurfaceTarget Attack Surface Description
Targeted OSI Layers: Transport Layer
Target Attack Surface Localities
Target Attack Surface Types: Host
Target Functional Services
| Target Functional Service 1: None | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Protocol 1: TCP | ||||||||||||||||||||||||
| ||||||||||||||||||||||||
Attack PrerequisitesThe ability to send an TCP ACK segment to an open port and receive a response back containing a TCP sequence number.
Related Attack Patterns| Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
|---|---|---|---|---|---|
| ChildOf |  Attack Pattern | 315 | TCP/IP Fingerprinting Probes | Mechanism of Attack (primary)1000 |
References
