Network Connection Enumeration
Technique | Network Connection Enumeration |
---|---|
ID | T0840 |
Tactic | Discovery |
Data Sources | Process monitoring, API monitoring |
Asset | Human-Machine Interface |
Description
Adversaries may perform network connection enumeration to discover information about device communication patterns. If an adversary can inspect the state of a network connection with tools such as netstat, in conjunction with System Firmware, then they can determine the role of certain devices on the network.[1] The adversary can also use Network Sniffing to watch network traffic for details about the source, destination, protocol, and content.
Procedure Examples
- Industroyer contains an IEC 61850 module that enumerates all connected network adapters to determine their TCP/IP subnet masks.[2]
Mitigations
- Mitigation Limited or Not Effective - Network connection enumeration is likely performed with common system tools (e.g., netstat, ipconfig).
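An added example, not part of the original page or of MITRE's own material: a process-monitoring check (the data source listed above) that flags launches of the tools named here, netstat and ipconfig, on HMI hosts. The event fields, host names, expected-parent baseline and five-minute window are assumptions, and events are assumed to arrive in time order.

```python
import json
import ntpath
from datetime import datetime, timedelta

ENUM_TOOLS = {"netstat.exe", "ipconfig.exe"}   # tools named on this page
EXPECTED_PARENTS = {"maint_agent.exe"}         # assumption: site baseline
WINDOW = timedelta(minutes=5)                  # assumption: burst window

# Constructed process-creation events (JSON lines); field names are assumptions.
SAMPLE_EVENTS = r"""
{"ts": "2024-01-10T02:14:03", "host": "HMI-01", "parent": "cmd.exe", "image": "C:\\Windows\\System32\\ipconfig.exe"}
{"ts": "2024-01-10T02:14:40", "host": "HMI-01", "parent": "cmd.exe", "image": "C:\\Windows\\System32\\NETSTAT.EXE"}
{"ts": "2024-01-10T09:00:00", "host": "HMI-02", "parent": "maint_agent.exe", "image": "C:\\Windows\\System32\\netstat.exe"}
{"ts": "2024-01-10T11:30:00", "host": "HMI-03", "parent": "explorer.exe", "image": "C:\\Windows\\System32\\ipconfig.exe"}
{"ts": "2024-01-10T11:31:00", "host": "HMI-03", "parent": "explorer.exe", "image": "C:\\HMI\\runtime.exe"}
"""


def detect(lines):
    """Return (host, timestamp, tool, severity) for unexpected tool launches."""
    recent = {}    # host -> [(time, tool)] of unexpected launches
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # ntpath parses Windows paths on any OS; compare case-insensitively.
        tool = ntpath.basename(ev["image"]).lower()
        if tool not in ENUM_TOOLS or ev["parent"].lower() in EXPECTED_PARENTS:
            continue
        when = datetime.fromisoformat(ev["ts"])
        # Keep only this host's launches that fall inside the burst window.
        seen = [(t, n) for t, n in recent.get(ev["host"], []) if when - t <= WINDOW]
        seen.append((when, tool))
        recent[ev["host"]] = seen
        # Heuristic (assumption): two different tools on one host inside the
        # window rate "high"; a single launch is only queued for review.
        severity = "high" if len({n for _, n in seen}) > 1 else "review"
        findings.append((ev["host"], ev["ts"], tool, severity))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Because these tools are also used in routine administration, the expected-parent set has to be built from each site's own baseline before the findings are useful.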
References