You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don’t get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?
A.
Run NULL TCP hping2 against 192.168.1.10
B.
Run nmap XMAS scan against 192.168.1.10
C.
The firewall is blocking all the scans to 192.168.1.10
D.
Use NetScan Tools Pro to conduct the scan
Hello,
A short question for a newbie 😉
Can someone explain me why a NULL scan using hping2 is better than an ACK scan with nmap (this second part is not in the list of answers but i just try to understand the usage of hping2 in this context) ?
Thanks for your help.
Buz
Because the NULL scan uses a spoofed IP address. in this context it is likely the source IP used for the basic scan is getting blocked by a firewall (ack scan is often used for determining if a statefull firewall is in the way) NULL scan should bypass a statefull firewall. Also if there is a specific rule blocking traffic from the attackers IP address this would also bypass that rule
if you send a spoofed NULL scan you will not get a response back, and therefore will not know if the port is opened or closed – unless you are somewhere on the network sniffing the responses to the spoofed IP. otherwise, there is no “better” method. it all depends on how everything has been configured. you simply need to learn what the proper responses are to each type of scan, and try them out in order to gather information.