RE: XMAS Scanning

["Fields, James" <James.Fields () bcbsfl com>]

It is my understanding that each combination of flags can do one of two things:

1) fake out a simple firewall looking for only certain flags

or more likely

2) elicit a response from the target that will help to identify the operating system in use.  Different OS's respond in 
fairly predictable ways to odd combinations of flags.

-----Original Message-----
From: Bhargav Bhikkaji [mailto:bbhikkaji () yahoo co in]
Sent: Friday, January 23, 2004 1:47 AM
To: security-basics () securityfocus com
Subject: XMAS Scanning




Hi,



I am trying to understand the working of few port scanning methods using TCP. There are few methods like SYN 
Scan,FIN/NULL Scan, XMAS Scan and Zombie Scan. 



Based on my understanding. "If a packet is sent to a closed port with any control bit except RST, then the port will 
send a RST packet". Now my question is, why does XMAS scanning sets control bit to FIN/URG/PSH. Is it not enough to set 
any one of the three control bit ?



Thanks

Bhargav


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------





Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or 
omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue 
Shield of Florida, Inc.  The information contained in this document may be confidential and intended solely for the use 
of the individual or entity to whom it is addressed.  This document may contain material that is privileged or 
protected from disclosure under applicable law.  If you are not the intended recipient or the individual responsible 
for delivering to the intended recipient, please (1) be advised that any use, dissemination, forwarding, or copying of 
this document IS STRICTLY PROHIBITED; and (2) notify sender immediately by telephone and destroy the document. THANK 
YOU.



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------