Saturday, September 6, 2014

Scanning

TCP connect scan - completes the full 3-way handshake and then tears down the connection immediately.  This is the most stable scan method and will not flood or crash the target server.

SYN scan - Instead of completing the 3-way handshake, it performs only the first two steps and then sends a RST packet.  It is faster than the TCP connect scan.  The scan is also "stealthy" because the 3-way handshake never completes, so the target host is unlikely to log the connection.

UDP scan - If there is a response to the probe, the port is positively identified.  Because a service listening on a UDP port does not always respond to an incoming packet, no response may mean either that the port is open or that the UDP packet was silently dropped by a firewall.

XMAS Tree scan - the FIN, PSH and URG flags are set in the scan packet.  Because the packet contains no SYN, ACK or RST, an open port causes the target system to ignore the packet (i.e. no response).  If the port is closed, the system responds with a RST packet as the TCP RFC specifies.  The XMAS Tree scan is effective against UNIX and Linux but not against Windows.

NULL scan - used in the same way as the XMAS Tree scan, but the scan packet has no flags set at all.
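From the defender's side, the flag combinations above are exactly what a detector looks for: a source that sends FIN+PSH+URG packets, flag-less packets, or bare SYNs to many different ports is scanning, not connecting. The following is an added example (not from the original post); the packet records and IP addresses are constructed sample data, and the threshold of distinct ports is an assumption chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of TCP headers as a sensor would see them:
# (source IP, destination port, set of TCP flags). Not real traffic.
SAMPLE_PACKETS = [
    ("10.0.0.5", 22, {"FIN", "PSH", "URG"}),   # XMAS Tree probes
    ("10.0.0.5", 80, {"FIN", "PSH", "URG"}),
    ("10.0.0.5", 443, {"FIN", "PSH", "URG"}),
    ("10.0.0.7", 25, set()),                   # NULL probes (no flags)
    ("10.0.0.7", 110, set()),
    ("10.0.0.9", 80, {"SYN"}),                 # ordinary client: SYN, then
    ("10.0.0.9", 80, {"ACK"}),                 # it finishes the handshake
    ("10.0.0.11", 21, {"SYN"}),                # SYN probes to several ports
    ("10.0.0.11", 22, {"SYN"}),
    ("10.0.0.11", 23, {"SYN"}),
    ("10.0.0.11", 22, {"RST"}),                # handshake torn down early
]

def classify_probe(flags):
    """Map a packet's TCP flag set to the scan type it matches, or None."""
    flags = frozenset(flags)
    if not flags:
        return "null"                 # NULL scan: no flags at all
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas"                 # XMAS Tree scan
    if flags == {"SYN"}:
        return "syn"                  # first step of a handshake only
    return None                       # ACK, RST, SYN/ACK etc. are not probes

def detect_scans(packets, min_ports=3):
    """Return {src: {scan_type: sorted ports}} for every source that hit at
    least min_ports distinct ports with the same probe type.  The port
    threshold is what separates a SYN scan from a normal client's SYN."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            seen[src][kind].add(dport)
    alerts = {}
    for src, kinds in seen.items():
        hits = {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
        if hits:
            alerts[src] = hits
    return alerts

if __name__ == "__main__":
    for src, hits in detect_scans(SAMPLE_PACKETS).items():
        print(src, hits)
```

Note that the NULL scanner in the sample touches only two ports and therefore falls under the default threshold; lowering `min_ports` trades missed scans for more false positives on legitimate SYNs.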
