Attack Depth

Hello again.

How is Attack Depth calculated?  What does a negative value for Attack Depth stand for?

Thank you again.

SC

3replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Hi, Subbarao Chitturi

    Attack Depth indicates how many separate attack steps it takes to reach from an Untrusted Threat Source to the location in question.  So if you have a host with a vuln that is directly exposed to attack, that host will have AD=1.  If you have a host that cannot be reached directly from any Threat Source, but can be reached after an attacker exploits a leapfrog vuln at AD=1, then that host will be at AD=2 - meaning it would take two attacks in sequence to get there.

    That handles all the positive numbers.  However, we can find hosts that have NO chains of attack to reach them at all.  In the GUI, we display this as "Unreachable", so that's what you will see.  However, if you call the API to get the underlying values, you'll find we encode that as a negative number.  You could also see a zero, if you had a scanned host living in a subnet that is already marked as a Threat Source - meaning that host already lives in a network that is outside your control, and so cannot be trusted.

    Reply Like
  • I appreciate you sharing this article.Thanks Again. Much obliged.

    click here

    Reply Like
  • Pakistan Tehreek-e-Insaf (PTI) led by cricketer-turned politician Imran Khan emerged as third major political force in Pakistan after the party's massive rally at Minar-e-Pakistan in October 2011.

    The PTI, founded in 1996 by Imran Khan, wants to made Pakistan a social welfare state. It is the main contender for power against the ruling Pakistan Muslim League-Nawaz leaving the Pakistan People's Party behind as the main opposition party of the country. 

    <a href="http://ptistakeholders.portfoliobox.net/">visit our site</a>

    Reply Like
reply to topic
Like Follow
  • 3 mths agoLast active
  • 3Replies
  • 884Views
  • 4 Following