| Name |
Host Discovery |
|
| Likelyhood of attack |
Typical severity |
| High |
Low |
|
| Summary |
An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep,' where a particular kind of ping is sent to a range of IP addresses. |
| Prerequisites |
The adversary requires logical access to the target network in order to carry out host discovery. |
| Solutions | |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-169 |
An adversary engages in probing and exploration activities to identify constituents and properties of the target. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1018 |
Remote System Discovery |
|