TCP Scanning
There are numerous types of TCP port scanning. Some are “Stealthy” tofirewalls and intrusion detection systems. These methods rely on the
specific implementation of TCP/IP stacks within different systems and
their idiosyncrasies.
We will now examine types of TCP scanning:
• TCP Connect
• TCP SYN
• TCP FIN
• TCP XMAS
• TCP NULL
TCP Connect
TCP connect scanning is the most common form of port scanning today.It is based on the TCP 3-way handshake. In a TCP connect scan, the
scanning client attempts a full 3- way handshake with the target,
sending a SYN packet, and on receipt of a SYN/ACK, responding with
the final ACK.
The connect scan is easily detected, as it will be logged by perimeter
devices as a connection event. A high enough frequency of TCP
connections will surpass the thresholds of many Firewalls, causing an
alert.
No comments:
Post a Comment