Hayden is the network security administrator for her company, a large finance firm based in Miami.
Hayden just returned from a security conference in Las Vegas where they talked about all kinds of
old and new security threats; many of which she did not know of. Hayden is worried about the
current security state of her company’s network so she decides to start scanning the network from
an external IP address. To see how some of the hosts on her network react, she sends out SYN
packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the
connection is established she sends RST packets to those hosts to stop the session. She does
this to see how her intrusion detection system will log the traffic. What type of scan is Hayden
attempting here?
A.
Hayden is attempting to find live hosts on her company’s network by using an XMAS scan
B.
She is utilizing a SYN scan to find live hosts that are listening on her network
C.
The type of scan,she is using is called a NULL scan
D.
Hayden is using a half-open scan to find live hosts on her network
D
A SYN scan is also known as a half-open scan, right?
Why not also choose option B?
Didn’t know there was such a thing as a “half-open scan”
From the NMAP documentation:
TCP connect scan = completes the handshake – so loud
TCP SYN scan = half-open, doesn’t complete handshake – more stealth
TCP FIN scan = full stealth (but not good for Win)