No announcement yet.

Port Scanning - Stealth Scan or Half-Open Scan

  • Filter
  • Time
  • Show
Clear All
new posts

  • Port Scanning - Stealth Scan or Half-Open Scan

    This type of scan is similar to the full open scan, with a few minor but important differnces. In this case, the attacker does not send the final ACK packet in the three-way handshake but instead sends A RST packet to tear down the connection. If the target port is closed rather than open, the three-way handshake starts with the attacker sending a SYN, only to have the target host return a RST packet indicating that the port is closed and will not accept a connection.
    Some claim that the advantage of this type of scanning is that it is less likely to trigger detection mechanisms, but it is most likely a thing of the past. In fact a full three-way handshake and a proper four-way termination procedure will most likely mix with ordinary legitimate traffic. Referring to this type of scan as a stealth scan when it is not at all such, is dangerous. A downside is that it is a little less reliable that a full open scan, because confirmation is not received during this process.
    Certified Security Geek