If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

A.
True

B.
False

Explanation:
When and ACK is sent to an open port, a RST is returned.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Eddie Guerrero

Eddie Guerrero

what? The answer is B. FALSE!! Ack scanning only gives filtered or unfiltered, not open or closed states, because you’re not really connecting to a service, just testing what class of FW and ACLs it might be in place.

If you get icmp replies (unreachable messages) or no response at all, it’s considered FILTERED. You’re likely dealing with an SPI FW before your target and if you got ICMP back you analyze for the next type of scan- normally SYN to ports that are filtered. These are a bit more promising.

If you get RST then it’s UNFILTERED, you’re likely dealing with basic packet filtering that doesn’t keep track of statefulness- or even worse you scanned some Windows OS which always will be unfiltered on every single port because Ack scan doesn’t work on it. The port could be opened or closed you have no idea, but you just know the Ack scan did reach the target somehow. This is not so promising.

THAT’S IT! No open or closed involved in this kind of scan.

Troy

Troy

Eddie is right.

-sA (TCP ACK scan)
This scan is different than the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.

The ACK scan probe packet has only the ACK flag set (unless you use –scanflags). When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don’t respond, or send certain ICMP error messages back (type 3, code 0, 1, 2, 3, 9, 10, or 13), are labeled filtered.