TCP FIN, XMAS, NULL
FIN, XMAS and NULL add an extra level of stealth to the scan byforming packets with combinations of FIN, URG and PUSH flags (or no
flags at all in the NULL scan). A closed port should return an RST
packet, whereas an open port will ignore the packet. Again, this scan is
hindered by unknown or unreliable connectivity, as an RST packet may
have been lost in transit and result in a false positive.
Windows computers, running the Microsoft TCP/IP stack, do not
follow the RFC for FIN, XMAS or NULL scans and thus render these
types of port identification irrelevant. However, deviations from the
RFC can aid in the OS identification.
No comments:
Post a Comment