While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?
Correct: A = TCP ACK Scan (-sA)
Special scan - never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.
https://nmap.org/book/scan-methods-ack-scan.html
TCP Connect Scan (-sT)
By default used when default SYN scan (-sS) is not an option due to missing raw packet privileges or scanning IPv6 networks. Instead of writing raw packets, Nmap asks the underlying OS to establish a connection by "connect" system call.
https://nmap.org/book/scan-methods-connect-scan.html
TCP FIN, NULL, and Xmas Scans (-sF, -sN, -sX):
Null scan (-sN) - Does not set any bits (TCP flag header is 0)
FIN scan (-sF) - Sets just the TCP FIN bit.
Xmas scan (-sX) - Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
- scanning systems compliant with this RFC text, any packet not containing SYN, RST, or ACK bits will result in a returned RST if the port is closed and no response at all if the port is open.
https://nmap.org/book/scan-methods-null-fin-xmas-scan.html
Additional info:
TCP SYN (Stealth) Scan (-sS)
SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections.
NikoTomas
1 month, 1 week ago
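Added example, not part of the comment above and not Nmap code: a small constructed Python model of why an unsolicited ACK probe separates a stateless packet filter from a stateful one, using the port states the -sA description names. The filter classes, function names and addresses (documentation ranges) are hypothetical.

```python
# Constructed model: how an unsolicited ACK probe is handled by two kinds of
# firewall, and how the result maps to the -sA states (unfiltered / filtered).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"ACK"})

class StatelessFilter:
    """Blocks inbound connection attempts by flag inspection only (SYN without ACK)."""
    def permits(self, seg):
        return not ("SYN" in seg.flags and "ACK" not in seg.flags)

@dataclass
class StatefulFilter:
    """Permits inbound segments only if they belong to a tracked connection."""
    established: set = field(default_factory=set)  # {(src, dst, dport)}
    def permits(self, seg):
        return (seg.src, seg.dst, seg.dport) in self.established

def host_reply(seg):
    """An ACK that matches no connection draws a RST, open or closed port alike."""
    return "RST" if seg.flags == frozenset({"ACK"}) else None

def ack_probe_state(firewall, seg):
    """RST comes back = unfiltered; probe dropped, so silence = filtered."""
    if not firewall.permits(seg):
        return "filtered"
    return "unfiltered" if host_reply(seg) == "RST" else "filtered"

def survey(firewall, ports, src="198.51.100.7", dst="192.0.2.10"):
    """ACK-probe each port and return the list of resulting states."""
    probes = [Segment(src, dst, p, frozenset({"ACK"})) for p in ports]
    return [ack_probe_state(firewall, s) for s in probes]

def classify_firewall(states):
    """Interpret ACK states for ports that a SYN scan reported as filtered."""
    if not states:
        return "no data"
    if all(s == "filtered" for s in states):
        return "stateful"
    if all(s == "unfiltered" for s in states):
        return "stateless"
    return "mixed ruleset"
```

A defender can read the same result the other way round: if unsolicited ACKs reach internal hosts and draw RSTs, the perimeter rules are matching on flags rather than on connection state.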