Security Basics mailing list archives
RE: XMAS Scanning
From: "Fields, James" <James.Fields () bcbsfl com>
Date: Tue, 27 Jan 2004 13:09:13 -0500
It is my understanding that each combination of flags can do one of two things: 1) fake out a simple firewall looking for only certain flags or more likely 2) elicit a response from the target that will help to identify the operating system in use. Different OS's respond in fairly predictable ways to odd combinations of flags. -----Original Message----- From: Bhargav Bhikkaji [mailto:bbhikkaji () yahoo co in] Sent: Friday, January 23, 2004 1:47 AM To: security-basics () securityfocus com Subject: XMAS Scanning Hi, I am trying to understand the working of few port scanning methods using TCP. There are few methods like SYN Scan,FIN/NULL Scan, XMAS Scan and Zombie Scan. Based on my understanding. "If a packet is sent to a closed port with any control bit except RST, then the port will send a RST packet". Now my question is, why does XMAS scanning sets control bit to FIN/URG/PSH. Is it not enough to set any one of the three control bit ? Thanks Bhargav --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- Blue Cross Blue Shield of Florida, Inc., and its subsidiary and affiliate companies are not responsible for errors or omissions in this e-mail message. Any personal comments made in this e-mail do not reflect the views of Blue Cross Blue Shield of Florida, Inc. The information contained in this document may be confidential and intended solely for the use of the individual or entity to whom it is addressed. This document may contain material that is privileged or protected from disclosure under applicable law. If you are not the intended recipient or the individual responsible for delivering to the intended recipient, please (1) be advised that any use, dissemination, forwarding, or copying of this document IS STRICTLY PROHIBITED; and (2) notify sender immediately by telephone and destroy the document. THANK YOU. --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- XMAS Scanning Bhargav Bhikkaji (Jan 26)
- Re: XMAS Scanning Erich Buri (Jan 27)
- <Possible follow-ups>
- RE: XMAS Scanning Fields, James (Jan 27)