Shulou(Shulou.com)05/31 Report--

This article is to share with you about what empty scan Idle Scanning means. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Null scan Idle Scanning

Empty scan Idle Scanning is a port scanning technology implemented by a third party, which can covertly scan the host itself. Its implementation is based on the following two TCP working mechanisms.

(1) during the three-way handshake of TCP, the target host receives the TCP packet of the initiator's SYN and returns the TCP packet of SYN+ACK. After receiving, if the initiator finds that the connection is not initiated by himself, it will send the TCP packet of RST and cancel the connection.

(2) in each packet sent by the host, the IP layer contains an ID field to identify the packet sent. This ID field is an integer value, and most systems are marked with an incremental sequence. That is, every time a packet is sent, the value is increased by one.

When implementing Idle Scanning, the attacker first acquires a host IP in the network, sends a data packet to the host, and obtains the ID value of the host's IP layer according to the return packet. The host IP is then spoofed to send SYN packets to a specific port of the target host. When the target host receives it, it returns the response packet. The forged host receives the response packet, sends the RST packet, and cancels the connection request. The attack plane sends a packet to the bogus host again to obtain the ID value of the IP layer. If the difference between the two ID values is 2, it means that the spoofed host has sent a packet, and it is most likely that a RST packet has been sent to the target host. If there is a difference of 1, the forged host has not sent any packets, which means that the specific port of the target host is not open or filtered.

In Kali Linux, Idle Scanning can be easily implemented through the package tool hping.

PS: during the scanning process, the forged host may send packets for other reasons, which will affect the detection results, so it needs to be scanned many times to determine the accuracy.

Thank you for reading! This is the end of the article on "what does empty scan Idle Scanning mean?". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.