#3
June 24th, 2006
foolofthehill
Join Date: March 24th, 2006
Location: Thailand
Posts: 1,974

You can also read here:
http://netsecurity.about.com/cs/hack...a/aa121303.htm


Or this here:
FIN scan

The typical TCP scan attempts to open connections (at least part way). Another technique sends erroneous packets at a port, expecting that open listening ports will send back different error messages than closed ports. The scanner sends a FIN packet, which should close a connection that is open. Closed ports reply to a FIN packet with a RST. Open ports, on the other hand, ignore the packet in question. This is required TCP behavior. If no service is listening at the target port, the operating system will generate an error message. If a service is listening, the operating system will silently drop the incoming packet. Therefore, silence indicates the presence of a service at the port. However, since packets can be dropped accidentally on the wire or blocked by firewalls, this isn't a very effective scan.

Other techniques that have been used consist of XMAS scans where all flags in the TCP packet are set, or NULL scans where none of the bits are set. However, different operating systems respond differently to these scans, and it becomes important to identify the OS and even its version and patch level.
:-)
__________________
"Never Argue With An Idiot. They Will Drag You Down To Their Level, Then Beat You With Experience"
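Detection logic for the FIN, NULL and XMAS probes described in the quoted text, as an added example that is not part of the original post or its source: it classifies a TCP flags byte, then reports any source that sends one probe type to many distinct destination ports. The packet records, addresses and the `min_ports` threshold are constructed assumptions.

```python
# Added example (not from the original post): spot FIN/NULL/XMAS probes by
# their flag combinations and group them per source to surface a port scan.
from collections import defaultdict
from typing import Optional

# TCP flag bits as they sit in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_SIX = FIN | SYN | RST | PSH | ACK | URG

def classify_probe(flags: int) -> Optional[str]:
    """Name the probe type a flags byte matches, or None for ordinary traffic.

    Legitimate segments carry SYN (handshake) or ACK (established connection).
    A bare FIN, no flags at all, or "everything lit" belongs to no connection
    state, which is what makes these probes stand out on the wire.
    """
    # The post describes XMAS as all flags set; common scanners light only
    # FIN, PSH and URG, so both shapes are accepted here.
    if flags == ALL_SIX or flags == FIN | PSH | URG:
        return "XMAS"
    if flags & (SYN | ACK):
        return None            # handshake or established-connection traffic
    if flags == 0:
        return "NULL"          # no flags at all
    if flags == FIN:
        return "FIN"           # bare FIN without ACK (a real close is FIN|ACK)
    return None

def detect_scans(packets, min_ports: int = 5):
    """Return {src: {probe_type: sorted distinct dst ports}} for each source
    that hit at least `min_ports` distinct ports with one probe type."""
    seen = defaultdict(lambda: defaultdict(set))
    for pkt in packets:
        kind = classify_probe(pkt["flags"])
        if kind:
            seen[pkt["src"]][kind].add(pkt["dport"])
    return {src: {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
            for src, kinds in seen.items()
            if any(len(p) >= min_ports for p in kinds.values())}

# Constructed sample (RFC 5737 test addresses): one host walks six ports with
# bare FIN segments, one closes a connection normally (FIN|ACK), one starts a
# handshake, one sends a single NULL probe that stays under the threshold.
SAMPLE = (
    [{"src": "192.0.2.10", "dport": p, "flags": FIN} for p in (21, 22, 25, 80, 443, 8080)]
    + [{"src": "192.0.2.20", "dport": 80, "flags": FIN | ACK}]
    + [{"src": "192.0.2.30", "dport": 443, "flags": SYN}]
    + [{"src": "192.0.2.40", "dport": 22, "flags": 0}]
)

if __name__ == "__main__":
    print(detect_scans(SAMPLE))  # → {'192.0.2.10': {'FIN': [21, 22, 25, 80, 443, 8080]}}
```

Because a firewall or lossy link can also produce the "silence" the post mentions, the threshold on distinct ports per source is what separates a scan from a single stray segment.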