The Xmas Tree scan is a type of scan that (according to ISBN 978-1-118-64767-7) sends a packet with all flag bits set except for the PSH flag. Having all the flags set creates an illogical or illegal combination of flags, and the receiving system has to determine what to do. In most modern systems this simply means that the packet is ignored or dropped, but on some systems the lack of response tells the attacker the port is open whereas a single RST packet from the target host tells you the port is closed. According to the Nmap documentation Nmap only sets the FIN, PSH and the URG flags while using an Xmas scan.
Announcement
Collapse
No announcement yet.
Port Scanning - Xmas Tree Scan
Collapse