TCP XMAS

STEALTH Stealth tcp port scanning, involves sending one or more data packets to a target TCP port to avoid the 3-way TCP handshake with the objective of evading firewall/IDS detection.

XMAS XMAS scans send a packet with the FIN, URG, and PSH flags set XMAS scans work only on target systems that follow the RFC 793 implementation of TCP/IP and don’t work against any version of Windows.

XMAS If the port is open, there is no response; but if the port is closed, the target responds with a RST/ACK packet.

ADVANTAGES Since no TCP sessions are created for any of these scans, they are remarkably quiet from the perspective of the remote device's applications. Therefore, none of these scans should appear in any of the application logs.

DISADVANTAGES On a Windows-based computer, all ports will appear to be closed regardless of their actual state. These scan types are using packets that don’t follow the rules of TCP

When to use XMAS They don't show up in application log files, they take little network bandwidth, and they provide extensive port information on non-Windows based systems.

3. What were the IP addresses of the targets Mr. X discovered? Answer : 10.42.42.25 10.42.42.50 10.42.42.56

4. What was the MAC address of the Apple system he found? Answer : TTL으로 어느 프로콜에를 확인 할 수 있다 10.42.42.25 10.42.42.56

5. What was the IP address of the Windows system he found? Answer : packet time to live for OS 10.42.42.50

6. What TCP ports were open on the Windows system 6. What TCP ports were open on the Windows system? (Please list the decimal numbers from lowest to highest.) 열린 Tcp port들을 알아내기 위한 필터는? 그리고 윈도우즈 시스템이라는 걸 나타내는 필터는? Answer : 135 & 136