CAPEC Details
Name Timestamp Request
Likelyhood of attack Typical severity
High Low
Summary This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.
Prerequisites The ability to send a timestamp request to a remote target and receive a response.
Related Weaknesses
CWE ID Description
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Related CAPECS
CAPEC ID Description
CAPEC-292 An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep,' where a particular kind of ping is sent to a range of IP addresses.
Taxonomy: ATTACK
Entry ID Entry Name
1124 System Time Discovery