Home > CAPEC List > CAPEC-324: TCP (ISN) Sequence Predictability Probe (Version 2.11)  

CAPEC-324: TCP (ISN) Sequence Predictability Probe

TCP (ISN) Sequence Predictability Probe
Definition in a New Window Definition in a New Window
Attack Pattern ID: 324
Abstraction: Detailed
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Transport Layer

Target Attack Surface Localities


Target Attack Surface Types: Host

Target Functional Services

Target Functional Service 1: None
Protocol 1: TCP
Protocol Header 1
Protocol Field NameProtocol Field DescriptionProtocol Data
Sequence Number
The sequence number of the first data octet in a segment (except when a SYN flag is present). If SYN is present the sequence number is the initial sequence number (ISN) of the connection and the first data octet is ISN+1. The sequence number consists of 32 bits.
For purposes of Sequence number analysis the data portion of the packet is either empty or ignored.
Related Protocol: Internet Protocol
Relationship Type
Uses Protocol
+ Attack Prerequisites
  • The ability to monitor and interact with network communications.

    Access to at least one host, and the privileges to interface with the network interface card.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Medium

+ Resources Required

A tool capable of sending and receiving packets from a remote system.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Read application data
Bypass protection mechanism
Hide activities
+ References
[R.324.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pg. 56. 6th Edition. McGraw Hill. 2009.
[R.324.2] [REF-21] Defense Advanced Research Projects Agency Information Processing Techniques Office and Information Sciences Institute University of Southern California. "RFC793 - Transmission Control Protocol". Defense Advanced Research Projects Agency (DARPA). September 1981. <http://www.faqs.org/rfcs/rfc793.html>.
[R.324.3] [REF-22] Gordon "Fyodor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". Chapter 8. Remote OS Detection. 3rd "Zero Day" Edition,. Insecure.com LLC. 2008.
[R.324.4] [REF-10] Gordon "Fyodor" Lyon. "The Art of Port Scanning". Volume: 7, Issue. 51. Phrack Magazine. 1997. <http://www.phrack.org/issues.html?issue=51&id=11#article>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Related_Attack_Patterns, Resources_Required, Typical_Likelihood_of_ExploitInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017