CAPEC-301
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Descriptions du CAPEC
An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way handshake' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack.
Informations du CAPEC
Flux d'exécution
1) Experiment
An adversary attempts to initialize a TCP connection with with the target port.
2) Experiment
An adversary uses the result of their TCP connection to determine the state of the target port. A successful connection indicates a port is open with a service listening on it while a failed connection indicates the port is not open.
Conditions préalables
The adversary requires logical access to the target network. The TCP connect Scan requires the ability to connect to an available port and complete a 'three-way-handshake' This scanning technique does not require any special privileges in order to perform. This type of scan works against all TCP/IP stack implementations.Ressources nécessaires
The adversary can leverage a network mapper or scanner, or perform this attack via routine socket programming in a scripting language. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network to see the response.Atténuations
Employ a robust network defense posture that includes an IDS/IPS system.Faiblesses connexes
| Nom de la faiblesse | |
|---|---|
CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Références
REF-33
Hacking Exposed: Network Security Secrets & SolutionsStuart McClure, Joel Scambray, George Kurtz.
REF-128
RFC793 - Transmission Control ProtocolDefense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California.
http://www.faqs.org/rfcs/rfc793.html
REF-34
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security ScanningGordon "Fyodor" Lyon.
REF-130
The Art of Port ScanningGordon "Fyodor" Lyon.
http://phrack.org/issues/51/11.html
Soumission
| Nom | Organisation | Date | Date de publication |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.