TCP (ISN) Counter Rate Probe |
Attack Pattern ID: 323 (Detailed Attack Pattern) | Typical Severity: Low | Status: Draft |
Summary
This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.
Target Attack Surface Description
Targeted OSI Layers: Transport Layer
Target Attack Surface Localities
Server-side
Target Attack Surface Types: Host
Target Functional Services
Target Functional Service 1: None | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Protocol 1: TCP | ||||||||||||
|
Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
---|---|---|---|---|---|
ChildOf | Attack Pattern | 315 | TCP/IP Fingerprinting Probes | Mechanism of Attack (primary)1000 |
Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.
Defense Advanced Research Projects Agency (DARPA). "RFC793 - Transmission Control Protocol". 1981. <http://www.faqs.org/rfcs/rfc793.html>.
Gordon "Fyordor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". 3rd "Zero Day" Edition, . Insecure.com LLC, ISBN:978-0-9799587-1-7. 2008.