Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit,
Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports
scanned do not give a response. In what state are these ports?
A.
Closed
B.
Open
C.
Stealth
D.
Filtered
So in other words, the Xmas scan in order to identify listening ports on a targeted system will send a specific packet. If the port is open on the target system then the packets will be ignored. If closed then an RST will be sent back to the individual running the scan. Xmas scans were popular not only because of their speed compared to other scans but because of there similarity to out of state FIN and ACK packets that could easily bypass stateless firewalls and ACL filters. They do however run into problems with various operating systems that do not conform to RFC 793. These systems will send a RST response when any malformed TCP segment is received by a listening socket instead of dropping it. The attackers are then left guessing to which ports are open and which are closed.