| Field | Value |
|---|---|
| Name | TCP RPC Scan |
| Likelihood of attack | Low |
| Typical severity | Low |
| Summary | An adversary scans for RPC services listening on a Unix/Linux host. |
| Prerequisites | RPC scanning requires no special privileges when it is performed via a native system utility. |

Execution Flow

| Step | Phase | Description | Techniques |
|---|---|---|---|
| 1 | Experiment | An adversary sends RPC packets to target ports. | |
| 2 | Experiment | An adversary uses the response from the target to determine which, if any, RPC service is running on that port. Responses will vary based on which RPC service is running. | |

| Solutions | Typically, an IDS/IPS system is very effective against this type of attack. |

Related Weaknesses

| CWE ID | Description |
|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |

Related CAPECS

| CAPEC ID | Description |
|---|---|
| CAPEC-300 | An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network. |
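
The Solutions entry points to IDS/IPS detection. The following is an added example, not part of the catalogue entry: detection logic that recognises ONC RPC call headers (RFC 5531 framing over TCP) in the first payload of each connection and flags a source whose RPC calls reach many distinct ports on one host. The function names, the `min_ports` threshold and the sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

RPC_CALL = 0      # msg_type value for a call (RFC 5531)
RPC_VERSION = 2   # RPC protocol version defined by RFC 5531

def parse_rpc_call(payload: bytes):
    """Return (prog, vers, proc) if payload starts with an ONC RPC call over TCP, else None."""
    if len(payload) < 28:  # 4-byte record mark + 6 header words
        return None
    mark, _xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">7I", payload[:28])
    frag_len = mark & 0x7FFFFFFF  # low 31 bits of the record mark: fragment length
    if frag_len < 24 or msg_type != RPC_CALL or rpcvers != RPC_VERSION:
        return None
    return prog, vers, proc

def find_rpc_scanners(events, min_ports=6):
    """events: iterable of (src_ip, dst_ip, dst_port, first_payload_bytes).
    Flags (src, dst) pairs whose RPC calls reach at least min_ports distinct ports.
    The default is an assumed threshold: an NFSv3 client legitimately contacts
    several RPC ports (portmapper, mountd, nfs, lock manager, status)."""
    ports = defaultdict(set)
    for src, dst, dport, payload in events:
        if parse_rpc_call(payload) is not None:
            ports[(src, dst)].add(dport)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

def make_call(prog, vers=2, proc=0, xid=1):
    """Build a constructed RPC call with empty AUTH_NONE credential and verifier."""
    body = struct.pack(">6I", xid, RPC_CALL, RPC_VERSION, prog, vers, proc) + b"\x00" * 16
    return struct.pack(">I", 0x80000000 | len(body)) + body

# Constructed sample traffic (documentation addresses, not captured data).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 111, make_call(100000)),        # portmapper
    ("192.0.2.10", "198.51.100.5", 20048, make_call(100005, 3)),   # mountd
    ("192.0.2.10", "198.51.100.5", 2049, make_call(100003, 3)),    # nfs
    ("192.0.2.77", "198.51.100.5", 80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
] + [("192.0.2.66", "198.51.100.5", p, make_call(100000)) for p in range(32768, 32776)]

if __name__ == "__main__":
    for (src, dst), hit in find_rpc_scanners(SAMPLE).items():
        print(f"possible RPC scan: {src} -> {dst} ports {hit}")
```

Tune `min_ports` against the RPC services actually deployed on the monitored hosts, and allow-list known clients before alerting.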