Dettaglio CAPEC-285

CAPEC-285

ICMP Echo Request Ping
Medio
Basso
Stable
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00
CAPEC Mitre.org
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Gestione notifiche

Descrizioni CAPEC

An adversary sends out an ICMP Type 8 Echo Request, commonly known as a 'Ping', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a 'Ping' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss.

Informazioni CAPEC

Prerequisiti

The ability to send an ICMP type 8 query (Echo Request) to a remote target and receive an ICMP type 0 message (ICMP Echo Reply) in response. Any firewalls or access control lists between the sender and receiver must allow ICMP Type 8 and ICMP Type 0 messages in order for a ping operation to succeed.

Competenze richieste

The adversary needs to know certain linux commands for this type of attack.

Risorse richieste

Scanners or utilities that provide the ability to send custom ICMP queries.

Mitigazioni

Consider configuring firewall rules to block ICMP Echo requests and prevent replies. If not practical, monitor and consider action when a system has fast and a repeated pattern of requests that move incrementally through port numbers.

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità

CWE-200

 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Riferimenti

REF-33

Hacking Exposed: Network Security Secrets & Solutions
Stuart McClure, Joel Scambray, George Kurtz.

REF-123

RFC792 - Internet Control Messaging Protocol
J. Postel.
http://www.faqs.org/rfcs/rfc792.html

REF-124

RFC1122 - Requirements for Internet Hosts - Communication Layers
R. Braden, Ed..
http://www.faqs.org/rfcs/rfc1122.html

REF-125

Host Discovery with Nmap
Mark Wolfgang.
http://nmap.org/docs/discovery.pdf

REF-34

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon "Fyodor" Lyon.

Invio

Nome Organizzazione Data Data di rilascio
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifiche

Nome Organizzazione Data Commento
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Description Summary, Resources_Required
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Motivation-Consequences, Attacker_Skills_or_Knowledge_Required, Description, Description Summary, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.