In this kind of port scan the port scanner establishes a full 3 way TCP/IP handshake connection with all ports on the remote system.
Attacker =>SYN => Target
case 1:
Target => SYN/ACK => Attacker
case 2:
Target => RST/ACK => Attacker
Attacker => ACK => Target
TCP port scan is very difficult to determine.This is because these type of scanning never establishes a connection with the target.
Countermeasures:
Create a router or firewall rule that creates a buffer and limits the number of connections that can be established from the same IP
Support The Ethical Hacker !! - Click Here If You Like My Contents !!!
Thursday, November 12, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment