CAPEC 305 TCP ACK Scan

Stable Detailed Unknown Risk

Severity Low

Description

An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about filter configurations rather than port state. This type of scanning is rarely useful alone, but when combined with SYN scanning, gives a more complete picture of the type of firewall rules that are present.

Attack Execution Flow

Step 1

Experiment

An adversary sends TCP packets with the ACK flag set and that are not associated with an existing connection to target ports.

Step 2

Experiment

An adversary uses the response from the target to determine the port's state. If a RST packet is received the target port is either closed or the ACK was sent out-of-sync. If no response is received, the target is likely using a stateful firewall.

CAPEC 305 TCP ACK Scan

Description

Attack Execution Flow

Step 1

Step 2

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

CAPEC 305 TCP ACK Scan

Description

Attack Execution Flow

Step 1

Step 2

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Parent CAPECs

Resources Required

Iscriviti alla newsletter