CAPEC-285 Metadata
Likelihood of Attack
Medium
Typical Severity
Low
Overview
Summary
An adversary sends out an ICMP Type 8 Echo Request, commonly known as a 'Ping', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a 'Ping' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss.
Prerequisites
The ability to send an ICMP type 8 query (Echo Request) to a remote target and receive an ICMP type 0 message (ICMP Echo Reply) in response. Any firewalls or access control lists between the sender and receiver must allow ICMP Type 8 and ICMP Type 0 messages in order for a ping operation to succeed.
Potential Solutions / Mitigations
Consider configuring firewall rules to block ICMP Echo requests and prevent replies. If not practical, monitor and consider action when a system has fast and a repeated pattern of requests that move incrementally through port numbers.
Related Weaknesses (CWE)
CWE ID | Description |
---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-292 | An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep,' where a particular kind of ping is sent to a range of IP addresses. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.