Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker engages in ICMP stack fingerprinting techniques to determine the operating system type and version of a remote target. The role of ICMP as an ubiquitous diagnostic messaging protocol means that ICMP fingerprinting techniques are applicable to almost any internet host in a similar manner as TCP. ICMP fingerprinting techniques involve the generation of ICMP messages and analyzing the responses. This method is limited in that most firewalls are configured to block ICMP messages for security reasons, so it is most effective when used on an internal network segment. OS fingerprints using ICMP usually involve multiple different probes as the information returned from any one probe is usually insufficient to support a reliable OS inference.
Target Attack Surface Description
Targeted OSI Layers: Network Layer
Target Attack Surface Localities
Target Attack Surface Types: Host
Target Functional Services
[R.316.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pg. 56. 6th Edition. McGraw Hill. 2009.
[R.316.2] [REF-23] J. Postel. "RFC792 - Internet Control Messaging Protocol". Defense Advanced Research Projects Agency (DARPA). September 1981. <http://www.faqs.org/rfcs/rfc792.html>.
[R.316.3] [REF-24] R. Braden, Ed.. "RFC1122 - Requirements for Internet Hosts - Communication Layers". October 1989. <http://www.faqs.org/rfcs/rfc1122.html>.
More information is available — Please select a different filter.