Home > CAPEC List > CAPEC-292: Host Discovery (Version 2.11)  

CAPEC-292: Host Discovery

Host Discovery
Definition in a New Window Definition in a New Window
Attack Pattern ID: 292
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. An attacker usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal of the attacker is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the attacker can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep' where a particular kind of ping is sent to a range of IP addresses.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer Transport Layer

Target Attack Surface Localities


Target Attack Surface Types: Network Host

+ Attack Prerequisites
  • A network capable of routing the attackers' packets to the destination network.

+ Typical Severity


+ Resources Required

The resources required will differ based upon the type of host discovery being performed. Usually a scanner or scanning script is required due to the volume of requests that must be generated.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
"Varies by context"
Bypass protection mechanism
Hide activities
+ References
[R.292.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 1: Footprinting, pp.44. 6th Edition. McGraw Hill. 2009.
[R.292.2] [REF-22] Gordon "Fyodor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". Section 3.6 Host Discover Techniques, pg.57. 3rd "Zero Day" Edition,. Insecure.com LLC, ISBN: 978-0-9799587-1-7. 2008.
[R.292.2] ATT&CK Project. "Local network connection enumeration (1049)". MITRE. <https://attack.mitre.org/wiki/Local_network_connection_enumeration>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated ReferencesInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017