CAPEC 301 TCP Connect Scan

Stable Detailed Unknown Risk

Severity Low

Description

An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way handshake' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack.

Attack Execution Flow

Step 1

Experiment

An adversary attempts to initialize a TCP connection with with the target port.

Step 2

Experiment

An adversary uses the result of their TCP connection to determine the state of the target port. A successful connection indicates a port is open with a service listening on it while a failed connection indicates the port is not open.

CAPEC 301 TCP Connect Scan

Description

Attack Execution Flow

Step 1

Step 2

Mitigations

Employ A Robust Network Defense Posture That Includes An Ids/Ips System.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

CAPEC 301 TCP Connect Scan

Description

Attack Execution Flow

Step 1

Step 2

Mitigations

Employ A Robust Network Defense Posture That Includes An Ids/Ips System.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

Iscriviti alla newsletter