CAPEC-580

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: Low
System Footprinting

Description

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.

Prerequisites

The adversary must have logical access to the target network and system.

Mitigations

Keep patches up to date by installing weekly or daily if possible.

Identify programs that may be used to acquire peripheral information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.

Skills Required

[Low] The adversary needs to know basic linux commands.