You might be wondering if there's a way to get further insight into a port that's being flagged as open|filtered. The answer is yes. The purpose of the ACK scan is simply to identify whether a port is filtered or unfiltered; it never tells you whether a port is open or closed, because both states answer the same way. The beauty of this very simple scan is that it lets you know if there's a firewall between you and the destination, which is very important information to have.

The ACK scan sends a TCP segment with only the ACK flag set to a destination IP address and port. If there is no reply, or an ICMP destination unreachable error comes back, something is filtering your traffic and the port is reported as filtered. If an RST comes back from the destination, the probe reached a host that is willing to talk, so the port is reported as unfiltered. Keep in mind that this is a bare ACK with no connection behind it: a stateless packet filter that allows "established" traffic will pass it, while a stateful firewall that tracks connections will drop it and make every port look filtered.

So think back to a Null, FIN, or Xmas scan that classified a port as open|filtered. We want to know: is that port open, or is it filtered? If nothing comes back from the ACK scan, we can say the port is filtered. If an RST comes back from the ACK scan, the ACK got through while the Null, FIN or Xmas probe drew no response, and a stack that follows RFC 793 stays silent only on an open port, so we can say the port is open on a non-Windows system.

Windows is the exception. Windows systems respond to Null, FIN and Xmas scans with an RST regardless of whether a port is open or closed, so those scans report every port on a Windows host as closed. The RST from the ACK scan only tells us the port is not filtered, which could mean either an open port or a closed port on Windows, and that doesn't really help; you need a SYN or connect scan to resolve it. This is a great example of how certain scans can be used in tandem for reconnaissance by both attackers and cybersecurity specialists.
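Here is the combination logic from the paragraphs above written out as a small script. It is an added example, not code from the original post: it parses two pieces of nmap grepable (-oG) output, one from a Xmas scan and one from an ACK scan, and resolves each port's state with the rules described, including the Windows caveat. The two result texts are constructed samples, not real captures, and the target address 192.0.2.10 is documentation space; the nmap options in the docstring are real, but running them is not required.

```python
"""Resolve nmap open|filtered results by pairing a FIN/NULL/Xmas scan with an
ACK scan.

Workflow this models (real nmap options; 192.0.2.10 is a documentation address):
    nmap -sX -p 22,80,443,8080 -oG xmas.gnmap 192.0.2.10
    nmap -sA -p 22,80,443,8080 -oG ack.gnmap  192.0.2.10
The two result files are then combined port by port.
"""
import re

# Constructed sample output in nmap's grepable (-oG) format; not a real capture.
XMAS_GNMAP = (
    "# Nmap 7.94 scan initiated as: nmap -sX -p 22,80,443,8080 -oG - 192.0.2.10\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open|filtered/tcp//ssh///, "
    "80/open|filtered/tcp//http///, 443/closed/tcp//https///, "
    "8080/filtered/tcp//http-proxy///\n"
    "# Nmap done\n"
)
ACK_GNMAP = (
    "Host: 192.0.2.10 ()\tPorts: 22/unfiltered/tcp//ssh///, "
    "80/filtered/tcp//http///, 443/unfiltered/tcp//https///, "
    "8080/filtered/tcp//http-proxy///\n"
)

# grepable port fields are port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")


def parse_gnmap(text):
    """Return {(host, port): state} for the TCP ports in grepable output."""
    states = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." banner and footer lines
        host = line.split()[1]
        for port, state, proto in PORT_RE.findall(line):
            if proto == "tcp":
                states[(host, int(port))] = state
    return states


def resolve(stealth_state, ack_state, windows=False):
    """Combine one port's FIN/NULL/Xmas state with its ACK-scan state.

    stealth_state: open|filtered, closed or filtered (from -sN/-sF/-sX)
    ack_state:     unfiltered or filtered            (from -sA)
    windows:       the target answers every stealth probe with RST, so the
                   stealth scan's "closed" carries no information
    """
    if stealth_state == "filtered":
        # an ICMP unreachable already proved a filter; nothing more to learn
        return "filtered"
    if stealth_state == "open|filtered":
        if ack_state == "filtered":
            return "filtered"  # both probes dropped: a firewall is in the path
        if ack_state == "unfiltered":
            # the ACK drew an RST but the stealth probe drew nothing; an
            # RFC 793 stack stays silent only on an open port
            return "open|filtered" if windows else "open"
    if stealth_state == "closed" and ack_state == "unfiltered":
        # RST to both probes: a real closed port on an RFC 793 stack, but on
        # Windows every port looks this way whether open or closed
        return "closed|open" if windows else "closed"
    # e.g. RST to the stealth probe but the ACK dropped: rescan before trusting it
    return "inconsistent"


def resolve_all(stealth_gnmap, ack_gnmap, windows=False):
    """Resolve every port that appears in the stealth scan output."""
    stealth = parse_gnmap(stealth_gnmap)
    ack = parse_gnmap(ack_gnmap)
    return {
        key: resolve(state, ack.get(key, "unknown"), windows)
        for key, state in stealth.items()
    }


if __name__ == "__main__":
    for (host, port), state in sorted(resolve_all(XMAS_GNMAP, ACK_GNMAP).items()):
        print(f"{host}:{port} -> {state}")
```

On the constructed data, port 22 (open|filtered, then unfiltered) resolves to open, port 80 (open|filtered, then filtered) to filtered, and port 443 stays closed. Run the same two scans against a Windows host with `windows=True` and port 443 becomes closed|open, which is exactly the ambiguity the text describes.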
Reposted from: https://www.cnblogs.com/sec875/articles/10028382.html