File size: 4,387 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
{
"id": "bundle--d78ba103-338b-462f-a8db-153e92284a36",
"objects": [
{
"created": "2014-06-23T00:00:00.000Z",
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
"description": "This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.",
"external_references": [
{
"external_id": "CAPEC-324",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/324.html"
},
{
"external_id": "CWE-200",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/200.html"
},
{
"description": "Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed: Network Security Secrets & Solutions (6th Edition), 2009, McGraw Hill",
"external_id": "REF-33",
"source_name": "reference_from_CAPEC"
},
{
"description": "Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California, RFC793 - Transmission Control Protocol, 1981--09, Defense Advanced Research Projects Agency (DARPA)",
"external_id": "REF-128",
"source_name": "reference_from_CAPEC",
"url": "http://www.faqs.org/rfcs/rfc793.html"
},
{
"description": "Gordon \"Fyodor\" Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (3rd \"Zero Day\" Edition,), 2008, Insecure.com LLC",
"external_id": "REF-212",
"source_name": "reference_from_CAPEC"
},
{
"description": "Gordon \"Fyodor\" Lyon, The Art of Port Scanning (Volume: 7, Issue. 51), Phrack Magazine, 1997",
"external_id": "REF-130",
"source_name": "reference_from_CAPEC",
"url": "http://phrack.org/issues/51/11.html"
}
],
"id": "attack-pattern--12d80b47-8e4c-4646-bcc3-2bd7059a44e1",
"modified": "2018-07-31T00:00:00.000Z",
"name": "TCP (ISN) Sequence Predictability Probe",
"object_marking_refs": [
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
],
"spec_version": "2.1",
"type": "attack-pattern",
"x_capec_abstraction": "Detailed",
"x_capec_child_of_refs": [
"attack-pattern--6227a1fc-7504-4a5f-b5b2-4c4f1fe38617"
],
"x_capec_consequences": {
"Access_Control": [
"Bypass Protection Mechanism",
"Hide Activities"
],
"Authorization": [
"Bypass Protection Mechanism",
"Hide Activities"
],
"Confidentiality": [
"Read Data",
"Bypass Protection Mechanism",
"Hide Activities"
]
},
"x_capec_domains": [
"Software"
],
"x_capec_likelihood_of_attack": "Medium",
"x_capec_prerequisites": [
"The ability to monitor and interact with network communications.Access to at least one host, and the privileges to interface with the network interface card."
],
"x_capec_resources_required": [
"A tool capable of sending and receiving packets from a remote system."
],
"x_capec_status": "Stable",
"x_capec_typical_severity": "Low",
"x_capec_version": "3.9"
}
],
"type": "bundle"
} |