CAPEC-296: ICMP Information Request
Description
Extended Description
Many modern operating systems will not respond to ICMP type 17 messages for security reasons. Determining whether a system or router will respond to an ICMP Address Mask Request helps the adversary determine the operating system or firmware version. Additionally, because these types of messages are rare, they are easily spotted by intrusion detection systems. Many ICMP scanning tools support IP spoofing to help conceal the origin of the actual request among a storm of similar ICMP messages. It is common practice for border firewalls and gateways to be configured to block ingress ICMP type 17 and egress ICMP type 18 messages.
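The detection and border-filtering logic described above, as an added example that is not part of the CAPEC entry: it parses raw IPv4 packets, flags the rare ICMP types this page names (15/16 and 17/18), and applies the ingress-request / egress-reply policy to both pairs. The function names, the protected prefix and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

# ICMP types named on this page: 15/16 Information Request/Reply,
# 17/18 Address Mask Request/Reply.
RARE_ICMP = {15: "Information Request", 16: "Information Reply",
             17: "Address Mask Request", 18: "Address Mask Reply"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(packet: bytes, protected: str):
    """Return an alert dict for a raw IPv4 packet, or None if it is not of interest."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:min(total_len, len(packet))]
    if ihl < 20 or packet[9] != 1 or len(icmp) < 8 or icmp[0] not in RARE_ICMP:
        return None  # malformed, not ICMP (protocol 1), or a common ICMP type
    net = ipaddress.ip_network(protected)
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    is_request = icmp[0] in (15, 17)
    # Border policy from the text: drop requests coming in and replies going out.
    if is_request and dst in net and src not in net:
        action = "block-ingress-request"
    elif not is_request and src in net and dst not in net:
        action = "block-egress-reply"
    else:
        action = "alert-only"
    return {"type": icmp[0], "name": RARE_ICMP[icmp[0]], "src": str(src),
            "dst": str(dst), "action": action,
            "checksum_ok": inet_checksum(icmp) == 0}

def build_sample(src: str, dst: str, icmp_type: int) -> bytes:
    """Constructed sample packet (never sent): 20-byte IPv4 header plus ICMP header."""
    mask = b"\x00" * 4 if icmp_type in (17, 18) else b""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1) + mask
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + body
```

An `alert-only` result covers rare ICMP types seen between internal hosts, which the border rules would never see but a sensor still should.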
Severity :
Low
Possibility :
Type :
Detailed
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
- The ability to send an ICMP Type 15 Information Request and receive an ICMP Type 16 Information Reply in response.
Skills required
- Low: The adversary needs to know certain Linux commands for this type of attack.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Resources required
Scanners or utilities that provide the ability to send custom ICMP queries.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
Visit http://capec.mitre.org/ for more details.