Reference: Ethical Hacking and Penetration with Kali Linux
TCP Scan Types
- Full scan: completes all 3 parts of the 3-way handshake. This is the most reliable scan but very noisy and can be easily picked up by IDS systems
- Half open (syn) scan: sends only the first part of the handshake (syn) to get the syn-ack back, and never sends the third part (ack). This can also be picked up by IDS systems
- Stealth Scan: Varies time and frequency of scan to avoid detection by IDS. This is not a full connect scan
- Xmas Scan: malformed packet that sets fin, urg, and push flags; This is used to bypass firewalls
- Ack Scan: Sending only an ack packet; receiving end won’t know how to respond as there was no handshake; causes open ports to return a reset
- FIN Scan: Sending a packet with fin flag set; This can usually bypass the IDS systems
- Null Scan: Sending a packet with no flag set; This can also bypass the IDS systems in most cases
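The flag patterns listed above are exactly what a detector looks for on the receiving side. The following is an added example (not from the original post): a small Python classifier that maps a segment's TCP flags to the scan type the notes describe, then runs over a constructed list of packet records to flag a half-open (SYN) scan (bare SYNs to many ports that the source never follows with an ACK), an ACK scan (bare ACKs to ports the source never SYN'd in the capture) and malformed Xmas/Null/FIN probes. The record format, sample addresses and the port threshold are assumptions chosen for illustration.

```python
"""Classify TCP scan probes by flag combination.

Added example, not part of the original post. Packet records are constructed
(src, dst, dport, flags) tuples; the port threshold is an illustrative choice.
"""
from collections import Counter, defaultdict

# TCP flag bits in their header order (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_flags(text):
    """Turn a tcpdump-style flag string such as 'FPU', 'S' or '' into a bitmask."""
    table = {"F": FIN, "S": SYN, "R": RST, "P": PSH, "A": ACK, "U": URG}
    mask = 0
    for ch in text:
        if ch not in table:
            raise ValueError(f"unknown TCP flag letter {ch!r}")
        mask |= table[ch]
    return mask

def classify_probe(flags):
    """Label one inbound segment by the flag pattern each scan type uses.

    Only the combinations described in the notes are labelled; everything else
    is reported as 'normal'.
    """
    if flags == 0:
        return "null-scan"          # no flags at all
    if flags == FIN | PSH | URG:
        return "xmas-scan"          # FIN + URG + PSH "lit up"
    if flags == FIN:
        return "fin-scan"
    if flags == ACK:
        return "ack-probe"          # bare ACK, possibly unsolicited
    if flags == SYN:
        return "syn-probe"          # first step of a handshake
    return "normal"

def summarize(packets, port_threshold=5):
    """Return {src: [finding, ...]} for sources whose traffic looks like a scan."""
    syn_targets = defaultdict(set)   # src -> {(dst, dport)} that received a bare SYN
    ack_targets = defaultdict(set)   # src -> {(dst, dport)} that received any ACK-bearing segment
    malformed = defaultdict(Counter) # src -> counts of Xmas/Null/FIN probes
    for src, dst, dport, flagstr in packets:
        flags = parse_flags(flagstr)
        label = classify_probe(flags)
        if label == "syn-probe":
            syn_targets[src].add((dst, dport))
        elif flags & ACK:
            ack_targets[src].add((dst, dport))
        if label in ("null-scan", "xmas-scan", "fin-scan"):
            malformed[src][label] += 1

    findings = {}
    # Half-open scan: many bare SYNs whose handshake the source never completes
    for src, targets in syn_targets.items():
        half_open = targets - ack_targets.get(src, set())
        if len({port for _, port in half_open}) >= port_threshold:
            findings.setdefault(src, []).append(f"half-open scan: {len(half_open)} ports")
    # ACK scan: many ACKs to ports this source never opened a handshake with
    for src, acked in ack_targets.items():
        unsolicited = acked - syn_targets.get(src, set())
        if len({port for _, port in unsolicited}) >= port_threshold:
            findings.setdefault(src, []).append(f"ack scan: {len(unsolicited)} ports")
    for src, counts in malformed.items():
        for label, n in counts.items():
            findings.setdefault(src, []).append(f"{label}: {n} packets")
    return findings

# Constructed sample records, not a real capture
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.80", 22, "S"),
    ("10.0.0.5", "10.0.0.80", 22, "A"),        # a normal handshake completes
    ("10.0.0.5", "10.0.0.80", 22, "PA"),
    ("192.0.2.9", "10.0.0.80", 21, "S"),
    ("192.0.2.9", "10.0.0.80", 22, "S"),
    ("192.0.2.9", "10.0.0.80", 23, "S"),
    ("192.0.2.9", "10.0.0.80", 25, "S"),
    ("192.0.2.9", "10.0.0.80", 80, "S"),
    ("192.0.2.9", "10.0.0.80", 443, "S"),      # six bare SYNs, never ACKed
    ("198.51.100.7", "10.0.0.80", 80, "FPU"),  # Xmas
    ("198.51.100.7", "10.0.0.80", 443, ""),    # Null
    ("198.51.100.7", "10.0.0.80", 8080, "F"),  # FIN
]

if __name__ == "__main__":
    for src, notes in summarize(SAMPLE_PACKETS).items():
        print(src, "->", "; ".join(notes))
```

The completed handshake from 10.0.0.5 produces no finding, while the six un-acknowledged SYNs from 192.0.2.9 and the three malformed probes from 198.51.100.7 are each reported. A real sensor would also have to age out entries and treat retransmitted SYNs to a single port differently from SYNs sprayed across ports; this version keeps the logic to the flag patterns the notes describe.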
UDP Scanning
- Unlike TCP, the UDP protocol doesn't have many controls or handshakes. A UDP stream is much simpler.
- Source device will send a UDP request and the destination will respond.
- UDP scanning covers only UDP ports
- It is less reliable than TCP scanning
- May be of limited value, since UDP or ICMP may be blocked at the firewall
ICMP Scanning
- ICMP is the most common protocol to
- Ping scanning is the most common way of scanning
- Live hosts may respond to ICMP Type 0 or 8
- Most network scanners include ping scans
- Usually it will trigger IDS alerts and is detectable
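Because a ping sweep is so recognisable, it is a good illustration of the IDS alert the last bullet mentions. The following is an added example (not from the original post): a Python detector that flags a source sending ICMP Echo Requests (Type 8) to many distinct hosts within a short window, and a helper that lists which hosts answered with an Echo Reply (Type 0), which is what the scanner itself learns. The event records, window length and host threshold are constructed assumptions for illustration.

```python
"""Flag ICMP ping sweeps from a list of ICMP event records.

Added example, not part of the original post. Events are constructed
(timestamp, src, dst, icmp_type) tuples; window and threshold are illustrative.
"""
from collections import defaultdict, deque

ECHO_REPLY, ECHO_REQUEST = 0, 8   # the ICMP types the notes refer to

def detect_ping_sweeps(events, window=10.0, host_threshold=4):
    """Return {src: max_distinct_hosts} for every source that sent Echo
    Requests to at least host_threshold distinct hosts within `window` seconds."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) of recent Echo Requests
    alerts = {}
    for ts, src, dst, icmp_type in sorted(events):
        if icmp_type != ECHO_REQUEST:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop requests older than the window
            q.popleft()
        hosts = {d for _, d in q}
        if len(hosts) >= host_threshold:
            alerts[src] = max(alerts.get(src, 0), len(hosts))
    return alerts

def live_hosts(events):
    """Hosts that answered with an Echo Reply: the information a sweep yields."""
    return sorted({src for _, src, _, icmp_type in events if icmp_type == ECHO_REPLY})

# Constructed sample events, not a real capture
SAMPLE_EVENTS = [
    (0.0, "192.0.2.9", "10.0.0.1", 8), (0.1, "10.0.0.1", "192.0.2.9", 0),
    (0.2, "192.0.2.9", "10.0.0.2", 8),                                   # no reply
    (0.4, "192.0.2.9", "10.0.0.3", 8), (0.5, "10.0.0.3", "192.0.2.9", 0),
    (0.6, "192.0.2.9", "10.0.0.4", 8),
    (0.8, "192.0.2.9", "10.0.0.5", 8),                                   # five hosts in under a second
    (3.0, "10.0.0.7", "10.0.0.1", 8), (3.1, "10.0.0.1", "10.0.0.7", 0),  # a lone admin ping
    (60.0, "10.0.0.7", "10.0.0.2", 8),                                   # too far apart to count
]

if __name__ == "__main__":
    print("sweeps:", detect_ping_sweeps(SAMPLE_EVENTS))
    print("hosts that replied:", live_hosts(SAMPLE_EVENTS))
```

The sliding window is what separates a sweep from ordinary monitoring traffic: 10.0.0.7 pings two hosts almost a minute apart and never reaches the threshold, while 192.0.2.9 hits five hosts in under a second. Tuning the window and threshold to the local baseline is the usual way to keep this rule from firing on legitimate network management.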