Presentation is loading. Please wait.

Presentation is loading. Please wait.

TCP XMAS.

Published byShinta Hartono Modified over 5 years ago

Similar presentations

Presentation on theme: "TCP XMAS."— Presentation transcript:

1 TCP XMAS

2 STEALTH Stealth tcp port scanning, involves sending one or more data packets to a target TCP port to avoid the 3-way TCP handshake with the objective of evading firewall/IDS detection.

3 XMAS XMAS scans send a packet with the FIN, URG, and PSH flags set
XMAS scans work only on target systems that follow the RFC 793 implementation of TCP/IP and don’t work against any version of Windows.

4 XMAS If the port is open, there is no response; but if the port is closed, the target responds with a RST/ACK packet.

5 ADVANTAGES Since no TCP sessions are created for any of these scans, they are remarkably quiet from the perspective of the remote device's applications. Therefore, none of these scans should appear in any of the application logs.

6 DISADVANTAGES On a Windows-based computer, all ports will appear to be closed regardless of their actual state. These scan types are using packets that don’t follow the rules of TCP

7 When to use XMAS They don't show up in application log files, they take little network bandwidth, and they provide extensive port information on non-Windows based systems.

8 3. What were the IP addresses of the targets Mr. X discovered?
Answer :

9 4. What was the MAC address of the Apple system he found?
Answer : TTL으로 어느 프로콜에를 확인 할 수 있다

10 5. What was the IP address of the Windows system he found?
Answer : packet time to live for OS

11 6. What TCP ports were open on the Windows system
6. What TCP ports were open on the Windows system? (Please list the decimal numbers from lowest to highest.) 열린 Tcp port들을 알아내기 위한 필터는? 그리고 윈도우즈 시스템이라는 걸 나타내는 필터는? Answer : 135 & 136

Download ppt "TCP XMAS."

Similar presentations

TCP/IP Christopher Zacky. lolwut Decimal Numbers.

TCP/IP Christopher Zacky. lolwut Decimal Numbers.
COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.

COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Nmap Experiment.

Nmap Experiment.
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar (http://www.insecure.org), it.

NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
Packets and Protocols Chapter Seven Real World Packet Captures.

Packets and Protocols Chapter Seven Real World Packet Captures.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Xmas Tree Scan Detection with Snort Presented by: Aqila Dissanayake University of Windsor Olalekan Kadri University of Windsor

Xmas Tree Scan Detection with Snort Presented by: Aqila Dissanayake University of Windsor Olalekan Kadri University of Windsor
IP Network Scanning.

IP Network Scanning.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
TRANSPORT LAYER  Session multiplexing  Segmentation  Flow control (TCP)  Connection-oriented (TCP)  Reliability (TCP)

TRANSPORT LAYER  Session multiplexing  Segmentation  Flow control (TCP)  Connection-oriented (TCP)  Reliability (TCP)
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Similar presentations

Ads by Google