Dettaglio CAPEC-300

CAPEC-300

Port Scanning
Basso
Stable
2014-06-23
00h00 +00:00
2022-02-22
00h00 +00:00
CAPEC Mitre.org
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Gestione notifiche

Descrizioni CAPEC

An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network.

Informazioni CAPEC

Prerequisiti

The adversary requires logical access to the target's network in order to carry out this type of attack.

Risorse richieste

The adversary requires a network mapping/scanning tool, or must conduct socket programming on the command line. Packet injection tools are also useful for this purpose. Depending upon the method used it may be necessary to sniff the network in order to see the response.

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità

CWE-200

 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Riferimenti

REF-33

Hacking Exposed: Network Security Secrets & Solutions
Stuart McClure, Joel Scambray, George Kurtz.

REF-128

RFC793 - Transmission Control Protocol
Defense Advanced Research Projects Agency Information Processing Techniques Office, Information Sciences Institute University of Southern California.
http://www.faqs.org/rfcs/rfc793.html

REF-158

RFC768 - User Datagram Protocol
J. Postel.
http://www.faqs.org/rfcs/rfc768.html

REF-34

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gordon "Fyodor" Lyon.

REF-130

The Art of Port Scanning
Gordon "Fyodor" Lyon.
http://phrack.org/issues/51/11.html

Invio

Nome Organizzazione Data Data di rilascio
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifiche

Nome Organizzazione Data Commento
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Prerequisites, Description, Description Summary, References, Related_Weaknesses, Resources_Required
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Description, Notes
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.