An external intrusion test and analysis identify security weaknesses and strengths of the
client’s systems and networks as they appear from outside the client’s security perimeter,
usually from the Internet. The goal of an external intrusion test and analysis is to
demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.
During external penetration testing, which of the following scanning techniques allow you to
determine a port’s state without making a full connection to the host?
A. XMAS Scan
B. SYN scan
C. FIN Scan
D. NULL Scan
B
A, B, C, D are all answers.
They can all detect whether the target ports are open or closed, and they are all stealth scans.
How sure are you? It says: without making a full connection to the host.
SYN scanning
SYN scan is another form of TCP scanning. Rather than use the operating system’s network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as “half-open scanning”, because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with an RST packet, closing the connection before the handshake is completed.[3] If the port is closed but unfiltered, the target will instantly respond with an RST packet.
The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection. However, the RST during the handshake can cause problems for some network stacks, in particular simple devices like printers. There are no conclusive arguments either way.
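The half-open exchange described in the excerpt above (SYN, then SYN-ACK or RST from the target, then RST from the scanner instead of the final ACK) is also what a defender looks for in traffic. The following is an added example, not part of the original post or of any scanner: it replays a constructed packet log (the `PACKETS` list, addresses and ports invented here) through a small flow tracker, labels each probed port with the state the response reveals, and flags sources whose handshakes are never completed. The function names `track_handshakes`, `classify_flow`, `port_states` and `find_syn_scanners` are this example's own.

```python
"""Classify SYN-probe responses and flag half-open scanning in a packet log.

A SYN scan never completes the three-way handshake: after the target's
SYN-ACK the scanner answers with RST rather than ACK.  A closed port is
revealed by the target's own RST, and a silently dropped SYN suggests a
filter.  Only the RST-after-SYN-ACK pattern is specific to SYN scanning;
the other two states are generic evidence of probing.
"""
from collections import defaultdict

# Constructed sample log (not captured traffic):
# (src_ip, src_port, dst_ip, dst_port, TCP flags) in arrival order.
PACKETS = [
    # port 22 open: SYN -> SYN-ACK -> RST from the scanner (half-open)
    ("10.0.0.5", 40001, "10.0.0.9", 22, "S"),
    ("10.0.0.9", 22, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.9", 22, "R"),
    # port 23 closed but unfiltered: target answers the SYN with RST
    ("10.0.0.5", 40002, "10.0.0.9", 23, "S"),
    ("10.0.0.9", 23, "10.0.0.5", 40002, "RA"),
    # port 25 filtered: the SYN is never answered
    ("10.0.0.5", 40003, "10.0.0.9", 25, "S"),
    # an ordinary client completing the handshake to port 80
    ("10.0.0.7", 50000, "10.0.0.9", 80, "S"),
    ("10.0.0.9", 80, "10.0.0.7", 50000, "SA"),
    ("10.0.0.7", 50000, "10.0.0.9", 80, "A"),
]


def track_handshakes(packets):
    """Group packets into flows keyed by the side that sent the SYN.

    Each flow is a list of (who, flags) events, where `who` is "client"
    for the SYN sender and "server" for the replying host.
    """
    flows = defaultdict(list)
    for src, sport, dst, dport, flags in packets:
        forward = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flags == "S" and forward not in flows:
            flows[forward].append(("client", flags))   # handshake starts here
        elif forward in flows:
            flows[forward].append(("client", flags))   # later client packet
        elif reverse in flows:
            flows[reverse].append(("server", flags))   # target's reply
        # Packets matching no known SYN are ignored in this example.
    return flows


def classify_flow(events):
    """Map a flow's packet sequence to the port state it reveals."""
    if events == [("client", "S")]:
        return "filtered"                 # SYN dropped, nothing came back
    if len(events) >= 2 and events[1][0] == "server" and "R" in events[1][1]:
        return "closed"                   # target itself answered with RST
    if len(events) >= 3 and events[1] == ("server", "SA"):
        if events[2] == ("client", "R"):
            return "open-halfopen"        # scanner tore down before ACK
        if events[2] == ("client", "A"):
            return "open-completed"       # normal full connection
    return "unknown"


def port_states(packets):
    """Return {(src_ip, dst_ip, dst_port): state} for every probed port."""
    return {
        (src, dst, dport): classify_flow(events)
        for (src, _sport, dst, dport), events in track_handshakes(packets).items()
    }


def find_syn_scanners(packets, threshold=2):
    """Return source IPs with at least `threshold` uncompleted handshakes.

    Half-open teardowns, RST-answered probes and unanswered SYNs all
    count; completed connections do not.  The threshold keeps a single
    stray connection attempt from raising an alert.
    """
    probes = defaultdict(int)
    for (src, _dst, _dport), state in port_states(packets).items():
        if state in ("open-halfopen", "closed", "filtered"):
            probes[src] += 1
    return sorted(src for src, count in probes.items() if count >= threshold)


if __name__ == "__main__":
    for key, state in sorted(port_states(PACKETS).items()):
        print(key, "->", state)
    print("suspected SYN scanners:", find_syn_scanners(PACKETS))
```

In real traffic the same logic runs over flow records or a packet capture, and the "filtered" verdict needs a timeout rather than end-of-log before it is trusted; the scanner's own RST after a SYN-ACK remains the distinguishing signature of a half-open scan, since a connect-style scan would send the ACK first.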