What type of port scan is shown below?
A.
Idle Scan
B.
FIN Scan
C.
XMAS Scan
D.
Windows Scan
Explanation:The FIN scan’s “stealth” frames are unusual because they are sent to a device without first going through the normal TCP handshaking. If a TCP session isn’t active, the session certainly can’t be formally closed!
In this FIN scan, TCP port 443 is closed so the remote station sends a RST frame response to the FIN packet:
sF_scan_closed
Source Destination Summary
—————————————————————————————-
[192.168.0.8] [192.168.0.7] TCP: D=443 S=62178 FIN SEQ=3532094343 LEN=0 WIN=2048
[192.168.0.7] [192.168.0.8] TCP: D=62178 S=443 RST ACK=3532094343 WIN=0If a port is open on a remote device, no response is received to the FIN scan:
sF_scan_open
Source Destination Summary
————————————————————————————–
[192.168.0.8] [192.168.0.7] TCP: D=23 S=62178 FIN SEQ=3532094343 LEN=0 WIN=2048The nmap output shows the open ports located with the FIN scan:
# nmap -sF -v 192.168.0.7
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-04-23 21:17 EDT
Initiating FIN Scan against 192.168.0.7 [1663 ports] at 21:17
The FIN Scan took 1.51s to scan 1663 total ports.
Host 192.168.0.7 appears to be up … good.
Interesting ports on 192.168.0.7:
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open|filtered ftp
22/tcp open|filtered ssh
23/tcp open|filtered telnet
79/tcp open|filtered finger
110/tcp open|filtered pop3
111/tcp open|filtered rpcbind
514/tcp open|filtered shell
886/tcp open|filtered unknown
2049/tcp open|filtered nfs
MAC Address: 00:03:47:6D:28:D7 (Intel)Nmap finished: 1 IP address (1 host up) scanned in 2.276 seconds
Raw packets sent: 1674 (66.9KB) | Rcvd: 1655 (76.1KB)
Correct, but it wont work on windows. Am i right?