According to RFC 793, a TCP segment without the SYN, ACK, or RST flag set will result in an RST being sent in return if the port is closed, and no response if the port is open. Any combination of the other three flags (URG, PSH, and FIN) would trigger this behavior, but three scans, the Null scan, the FIN scan, and the Xmas scan, were chosen to exploit it. Nmap, therefore, needs to build these packets, and root access is a must.

The Null scan has no flags set. Specifically, the SYN, ACK, and RST flags are not set. The FIN scan has just the FIN flag set; the SYN, ACK, and RST flags are not set. The Xmas scan has bits in the flags section in an alternating pattern of ones and zeros, like lights on a Christmas tree. The URG, PSH, and FIN flags are set, but the SYN, ACK, and RST flags are not set.

When one of these scans is received by a destination port that's open, no response is sent. It's as if the destination port is so confused as to what it just received that it just sits there in stunned silence. When one of these scans is received by a destination port that's closed, an RST is sent in response.

In each of these scans, destination ports are identified as either closed, or open or filtered. The open or filtered classification is due to the fact that firewalls will often drop packets without a response. Because it's impossible to determine whether a missing response was due to an open port or a filtered network connection, there's no way to differentiate between an open port and an administratively dropped frame. Another caveat is that Windows machines will always send an RST for each of these three scans.

The Null, FIN, and Xmas scans are very stealthy. They don't show up in application log files and use minimal network bandwidth. They can, however, easily be fingerprinted by an IDS, IPS, or firewall.
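Each of the three probes is defined entirely by its flag byte, which is why an IDS can fingerprint them so easily. The following is an added example, not part of the original article: it classifies the flags of raw TCP headers and reports sources that sent Null, FIN, or Xmas segments to several ports. The sample headers, the addresses, the `build_header` helper, and the `min_ports` threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits (byte 13 of the TCP header, RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
PROBES = {0: "null", FIN: "fin", URG | PSH | FIN: "xmas"}

def classify_flags(flags):
    """Name the probe type a flag byte matches, or None for ordinary traffic."""
    if flags & (SYN | ACK | RST):
        return None  # handshake, data, or reset segment
    return PROBES.get(flags & (URG | PSH | FIN), "other")

def parse_tcp(header):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, header[13] & 0x3F

def detect(segments, min_ports=3):
    """Map src_ip -> {probe type: sorted ports} for sources that sent one
    probe type to at least min_ports distinct ports (threshold is assumed)."""
    seen = defaultdict(lambda: defaultdict(set))
    for src_ip, header in segments:
        _, dport, flags = parse_tcp(header)
        kind = classify_flags(flags)
        if kind:
            seen[src_ip][kind].add(dport)
    hits = {ip: {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
            for ip, kinds in seen.items()}
    return {ip: kinds for ip, kinds in hits.items() if kinds}

def build_header(sport, dport, flags):
    """Constructed test input: a minimal 20-byte TCP header."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample capture (RFC 5737 documentation addresses)
SAMPLE = (
    [("192.0.2.10", build_header(40000, p, URG | PSH | FIN)) for p in (22, 80, 443)]
    + [("192.0.2.20", build_header(40001, p, 0)) for p in (21, 22, 23, 25)]
    + [("198.51.100.5", build_header(50000, 443, f)) for f in (SYN, ACK | PSH, FIN | ACK)]
)

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The ordinary connection from 198.51.100.5 is ignored because every one of its segments carries SYN or ACK, including the FIN+ACK that closes it.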
Reposted from: https://www.cnblogs.com/sec875/articles/10028375.html