
What is stealth scan please
I could not find any website about this
Please help
Thanks
Jean
Asked by jean11
1 Solution
DarkFish commented:
I assume you mean the process of scanning a target (e.g. computer or router) multiple times on specific ports or port ranges to see if the target responds in any manner, and if so in a manner that might reveal a vulnerability within the target.

For example someone could scan your computer's IP address on the Internet to see if it responds to specific requests on a port range; if it did then they could identify that there was a target there; the stealth element is to try and ensure that the target is essentially "invisible" by not responding to any requests on any port without proper protocol.

Lazarus commented:
A Stealth scan can refer to more than one type of scan.

Half-Open or SYN scan: Instead of completing the full TCP three-way handshake, a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent, which will determine the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.

FIN scan: According to RFC 793 a system should send back an RST for all TCP ports closed when they receive a FIN packet for a specific port.

XMAS tree scan: According to RFC 793 a system should send back an RST for all TCP ports closed when they receive a FIN/URG/PUSH packet for a specific port.

NULL scan: According to RFC 793 a system should send back an RST for all TCP ports closed when they receive a packet without any specified IP flags for a specific port.

Slow scan: Any of the above scans could be used as a slow scan. A slow scan is when the attacker sends packets at a very slow rate. Sometimes these scans can be conducted over hours, days, or weeks. The idea is since they are so slow, the victim's security measures won't "notice" the scan.

jahboite commented:
lazarus98 provides an excellent answer and I would merely add that "Stealth Scan" most commonly refers to the SYN (Half-Open) scan and that the word "Stealth" refers to the fact that, as the three-way handshake is never completed and a full connection is never established, the scan is less likely to be logged by packet aware applications (e.g. firewalls) on the target.
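The scan types Lazarus and jahboite describe can be recognised from the defender's side by the TCP flag patterns they leave behind. The following is an added example, not code from any of the answers: it runs over a small constructed flow log (the addresses, ports and timestamps are made up) and flags FIN, XMAS and NULL probes by their flag sets, flags a half-open SYN probe when a client answers the server's SYN/ACK with a bare RST instead of completing the handshake, and reports the time span per source, which is the signal a slow scan leaves.

```python
# Constructed flow log, one packet per line: "ts src dst svc_port flags".
# svc_port is always the server-side port whichever way the packet travels;
# flags use the letters S,A,F,R,P,U and "-" for a packet with no flags set.
SAMPLE_LOG = """\
100 10.0.0.5 10.0.0.9 22 S
101 10.0.0.9 10.0.0.5 22 SA
102 10.0.0.5 10.0.0.9 22 R
103 10.0.0.5 10.0.0.9 80 S
104 10.0.0.9 10.0.0.5 80 RA
400 10.0.0.7 10.0.0.9 443 F
900 10.0.0.7 10.0.0.9 445 FPU
1500 10.0.0.7 10.0.0.9 139 -
1600 10.0.0.8 10.0.0.9 22 S
1601 10.0.0.9 10.0.0.8 22 SA
1602 10.0.0.8 10.0.0.9 22 A
"""

# Flag sets a legitimate client never sends as the first packet to a port.
ODD_FLAG_SCANS = {
    frozenset(): "NULL scan",
    frozenset("F"): "FIN scan",
    frozenset("FPU"): "XMAS scan",
}

def find_probes(log):
    """Return (ts, source, scan_type, port) for every probe seen in the log."""
    probes = []
    handshake = {}  # (client, server, port) -> "syn" | "synack" | "established"
    for line in log.splitlines():
        ts, src, dst, port, flags = line.split()
        fs = frozenset(flags.replace("-", ""))
        if fs in ODD_FLAG_SCANS:
            probes.append((int(ts), src, ODD_FLAG_SCANS[fs], int(port)))
        elif fs == {"S"}:
            handshake[(src, dst, port)] = "syn"
        elif fs == {"S", "A"} and handshake.get((dst, src, port)) == "syn":
            handshake[(dst, src, port)] = "synack"        # port is open
        elif fs == {"A"} and handshake.get((src, dst, port)) == "synack":
            handshake[(src, dst, port)] = "established"   # normal client
        elif fs == {"R"} and handshake.pop((src, dst, port), None) == "synack":
            probes.append((int(ts), src, "SYN (half-open) scan", int(port)))
    return probes

def summarise(probes):
    """Group probes by source; a long span hints at a slow scan."""
    by_src = {}
    for ts, src, kind, port in probes:
        e = by_src.setdefault(src, {"types": set(), "ports": set(), "first": ts, "last": ts})
        e["types"].add(kind)
        e["ports"].add(port)
        e["first"], e["last"] = min(e["first"], ts), max(e["last"], ts)
    for e in by_src.values():
        e["span"] = e["last"] - e["first"]
    return by_src
```

The source that completed its handshake (10.0.0.8) produces no finding, so ordinary connections to an open port are not reported.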
