January 28, 2012

3.2.11 Xmas Attack

Xmas Attack

One of the three Nmap scan types:
Xmas scan (-sX) – Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
Null scan (-sN) – Does not set any bits (TCP flag header is 0)
FIN scan (-sF) – Sets just the TCP FIN bit.

One of the most popular attacks that utilizes Nmap is the Xmas attack (also known as the Xmas scan and Christmas attack). This is an advanced scan that tries to get around firewall detection and look for open ports. It accomplishes this by setting three flags (FIN, PSH, and URG).

References:

  • http://nmap.org/book/man-port-scanning-techniques.html
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney


No comments:

Post a Comment