
Port Scanning - ACK Scan


    An interesting use of TCP flags during a port scan is the ACK scan, which tests whether a port is being filtered rather than whether it is open. The probe is a TCP segment with only the ACK flag set. A port that is not filtered answers with a RST whether it is open or closed, because a host that receives an ACK belonging to no connection simply resets it; Nmap reports such ports as "unfiltered". A port that returns nothing, or that provokes an ICMP unreachable error from a router or firewall, is reported as "filtered". A stateless packet filter that only blocks SYNs lets a bare ACK straight through, so a "filtered" result indicates that a stateful firewall (or an ACL that drops the probe) sits between the attacker and the target host. The result that comes back from the probe tells the attacker whether a firewall or router is in the path; it does not tell them whether the port is open.
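    The following is an added example (not code from the original post) that builds an ACK-only probe header and applies the classification rules described above, the same ones Nmap's -sA scan uses: a RST reply means "unfiltered", no reply or an ICMP unreachable error means "filtered". It sends nothing on the wire; the replies it classifies are constructed byte strings, and the checksum in the probe is left at zero since a real sender computes it over the IP pseudo-header.

```python
"""ACK-scan probe construction and response classification (added example)."""
import struct
from typing import Optional

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_ack_probe(src_port: int, dst_port: int, seq: int = 0, ack: int = 0) -> bytes:
    """Return a 20-byte TCP header with only the ACK flag set (no options).

    Checksum is left at 0; a real sender computes it over the IP pseudo-header.
    """
    data_offset_flags = (5 << 12) | TCP_ACK       # 5 x 32-bit words, ACK only
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset_flags, 1024, 0, 0)


def tcp_flags(tcp_header: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!H", tcp_header[12:14])[0] & 0x3F


# ICMP type 3 (destination unreachable) codes that Nmap treats as "filtered".
ICMP_UNREACHABLE = 3
FILTERED_CODES = {1, 2, 3, 9, 10, 13}


def classify_ack_response(reply: Optional[bytes], proto: Optional[str]) -> str:
    """Classify the result of one ACK probe.

    reply: raw TCP or ICMP header bytes, or None if nothing arrived before the timeout.
    proto: "tcp" or "icmp", i.e. what the IP header said the payload was.
    """
    if reply is None:
        return "filtered"            # dropped silently: stateful firewall or ACL
    if proto == "tcp":
        if tcp_flags(reply) & TCP_RST:
            return "unfiltered"      # host reachable, nothing tracking state
        return "unexpected"          # anything but RST to a bare ACK is odd
    if proto == "icmp":
        icmp_type, icmp_code = reply[0], reply[1]
        if icmp_type == ICMP_UNREACHABLE and icmp_code in FILTERED_CODES:
            return "filtered"        # a router/firewall admitted to blocking it
        return "unexpected"
    raise ValueError(f"unknown protocol {proto!r}")


# Constructed sample replies (not captured traffic).
RST_REPLY = struct.pack("!HHIIHHHH", 80, 40000, 0, 0, (5 << 12) | TCP_RST, 0, 0, 0)
ICMP_ADMIN_PROHIB = bytes([3, 13, 0, 0]) + b"\x00" * 4   # type 3, code 13

if __name__ == "__main__":
    probe = build_ack_probe(40000, 80)
    print("probe flags:", hex(tcp_flags(probe)))
    for name, reply, proto in [("RST", RST_REPLY, "tcp"),
                               ("ICMP 3/13", ICMP_ADMIN_PROHIB, "icmp"),
                               ("timeout", None, None)]:
        print(name, "->", classify_ack_response(reply, proto))
```

    Note that a SYN/ACK or any other non-RST TCP reply is reported as "unexpected" rather than forced into one of the two states: a bare ACK should never elicit it, so it is worth looking at rather than guessing.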
    Many methods are available to evade or minimize the risk of detection while scanning. One is fragmentation: the probe packet is split into multiple IP fragments so that a detection device inspecting each fragment on its own cannot see what the original, unfragmented packet was meant to do (with 8-byte fragments, for example, the TCP flags byte is not even in the first fragment). IDSs such as Snort can now buffer the fragments and reassemble them for analysis. An IDS can afford this because it is not truly real time: it inspects a copy of the traffic and does not have to forward anything. An inline IPS that has to do the same reassembly at wire speed will likely add latency and drop packets under load.

    Tools that have the capability to fragment packets include the following:
    • Nmap
    • Fragtest
    • Fragroute
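    To make the fragmentation point concrete, here is an added example (not from the original post or from any of the tools listed) that splits a TCP header into IP fragments the way nmap -f does (8-byte data fragments; -ff gives 16) and then performs the kind of buffering and reassembly an IDS defragmentation preprocessor such as Snort's frag3 does before matching. The payload is a constructed ACK probe, not captured traffic; the fragment records hold only the IP flags/offset field and the data, since that is all the reassembly logic needs.

```python
"""IP fragmentation as an evasion, and the reassembly that undoes it (added example)."""
import struct
from typing import Dict, Iterable, List, Optional, Tuple

IP_MF = 0x2000   # "more fragments" bit in the IP flags/fragment-offset field


def fragment(payload: bytes, frag_size: int = 8) -> List[Tuple[int, int, bytes]]:
    """Split payload into (flags_offset_field, byte_offset, data) fragments.

    frag_size must be a multiple of 8 because the IP offset field counts 8-byte units.
    """
    if frag_size <= 0 or frag_size % 8:
        raise ValueError("fragment size must be a positive multiple of 8")
    frags = []
    for off in range(0, len(payload), frag_size):
        data = payload[off:off + frag_size]
        more = IP_MF if off + frag_size < len(payload) else 0   # last one has MF clear
        frags.append((more | (off // 8), off, data))
    return frags


def reassemble(frags: Iterable[Tuple[int, int, bytes]]) -> Optional[bytes]:
    """Rebuild the payload from fragments in any order; None if a piece is missing."""
    pieces: Dict[int, bytes] = {}
    total = None
    for field, _, data in frags:
        off = (field & 0x1FFF) * 8
        pieces[off] = data
        if not field & IP_MF:            # the MF-clear fragment fixes the total length
            total = off + len(data)
    if total is None:
        return None
    out = bytearray()
    while len(out) < total:
        piece = pieces.get(len(out))
        if piece is None:
            return None                  # hole: keep buffering, do not match yet
        out += piece
    return bytes(out)


def tcp_flags(tcp_header: bytes) -> int:
    """Flag bits live at byte offset 13 of the TCP header."""
    return struct.unpack("!H", tcp_header[12:14])[0] & 0x3F


# Constructed ACK-only probe header (ports 40000 -> 80), 20 bytes, no options.
ACK_PROBE = struct.pack("!HHIIHHHH", 40000, 80, 0, 0, (5 << 12) | 0x10, 1024, 0, 0)


def flags_visible_in_first_fragment(frag_size: int = 8) -> bool:
    """Would a matcher that only looks at the first fragment see the TCP flags byte?"""
    first_data = fragment(ACK_PROBE, frag_size)[0][2]
    return len(first_data) > 13


if __name__ == "__main__":
    frags = fragment(ACK_PROBE)
    for field, off, data in frags:
        print(f"MF={bool(field & IP_MF)!s:5} offset={off:2} data={data.hex()}")
    print("flags visible in first 8-byte fragment:", flags_visible_in_first_fragment(8))
    print("flags visible in first 16-byte fragment:", flags_visible_in_first_fragment(16))
    print("reassembled flags:", hex(tcp_flags(reassemble(reversed(frags)))))
```

    The reassembler deliberately returns None on a hole rather than matching on what it has, which is the buffering an out-of-band IDS can afford and an inline IPS at wire speed cannot without holding packets back. Real reassembly also has to handle overlapping fragments, whose resolution differs between operating systems; that is left out here.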

    Certified Security Geek