What type of port scan is shown below?

What type of port scan is shown below?

What type of port scan is shown below?

A.
Idle Scan

B.
FIN Scan

C.
XMAS Scan

D.
Windows Scan

Explanation:The FIN scan’s “stealth” frames are unusual because they are sent to a device without first going through the normal TCP handshaking. If a TCP session isn’t active, the session certainly can’t be formally closed!

In this FIN scan, TCP port 443 is closed so the remote station sends a RST frame response to the FIN packet:

sF_scan_closed

Source         Destination    Summary
—————————————————————————————-
[192.168.0.8] [192.168.0.7] TCP: D=443 S=62178 FIN SEQ=3532094343 LEN=0 WIN=2048
[192.168.0.7] [192.168.0.8] TCP: D=62178 S=443 RST ACK=3532094343 WIN=0

If a port is open on a remote device, no response is received to the FIN scan:

sF_scan_open

Source         Destination    Summary
————————————————————————————–
[192.168.0.8] [192.168.0.7] TCP: D=23 S=62178 FIN SEQ=3532094343 LEN=0 WIN=2048

The nmap output shows the open ports located with the FIN scan:

# nmap -sF -v 192.168.0.7

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-04-23 21:17 EDT
Initiating FIN Scan against 192.168.0.7 [1663 ports] at 21:17
The FIN Scan took 1.51s to scan 1663 total ports.
Host 192.168.0.7 appears to be up … good.
Interesting ports on 192.168.0.7:
(The 1654 ports scanned but not shown below are in state: closed)
PORT     STATE         SERVICE
21/tcp   open|filtered ftp
22/tcp   open|filtered ssh
23/tcp   open|filtered telnet
79/tcp   open|filtered finger
110/tcp  open|filtered pop3
111/tcp  open|filtered rpcbind
514/tcp  open|filtered shell
886/tcp  open|filtered unknown
2049/tcp open|filtered nfs
MAC Address: 00:03:47:6D:28:D7 (Intel)

Nmap finished: 1 IP address (1 host up) scanned in 2.276 seconds
Raw packets sent: 1674 (66.9KB) | Rcvd: 1655 (76.1KB)



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Gergo

Gergo

Correct, but it wont work on windows. Am i right?