You might be wondering if there's a way to get further
insight into a port that's being flagged as open or filtered. The
answer is yes. The purpose of the ACK scan is simply to
identify whether a port is filtered or unfiltered. The beauty of
this very simple scan is that it lets you know if there's a
firewall between you and the destination, which is very
important information to have. The ACK scan sends a TCP segment
with the ACK flag raised to a destination IP address and port.
If there is no reply, or an ICMP destination unreachable message
comes back, there's a firewall filtering your traffic. If an
RST comes back from the destination, there is obviously
no filter dropping your traffic. So think back to a Null, FIN,
or Xmas scan that was classified as either open or filtered. We
want to know: is that port open or filtered? If nothing comes
back from the ACK scan, we can say that the port is filtered.
If an RST comes back from the ACK scan, we can say that the
port is open on a non-Windows system. If the Null, FIN, or Xmas
scans got an RST from a Windows system, we know the port is not
filtered. Therefore, after getting an RST back from the ACK
scan, it could mean either a Windows open port or a Windows
closed port, which doesn't really help. Windows systems
respond to Null, FIN, and Xmas scans with an RST, regardless of
whether the port is open or closed. This is a great example of how
certain scans can be used in tandem for reconnaissance by
both hackers and cybersecurity specialists.
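As an added example from the defender's side (not part of the original text): the same ACK-flag logic lets a stateful monitor spot an ACK scan, because a bare ACK that belongs to no connection it ever saw a SYN for is a probe, and the RST-or-silence rule above tells you which probed ports your filter let through. The packet trace, addresses and port numbers below are constructed.

```python
from collections import defaultdict

# Constructed sample trace, not real traffic: (src, sport, dst, dport, flags).
# Flags use single letters: S=SYN, SA=SYN/ACK, A=ACK, R=RST.
SAMPLE_PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80, "S"),   # normal client handshake
    ("192.0.2.10", 80, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "192.0.2.10", 80, "A"),   # ACK that belongs to that SYN
    ("10.0.0.9", 51000, "192.0.2.10", 22, "A"),   # bare ACKs with no SYN: probes
    ("10.0.0.9", 51001, "192.0.2.10", 25, "A"),
    ("10.0.0.9", 51002, "192.0.2.10", 80, "A"),
    ("10.0.0.9", 51003, "192.0.2.10", 443, "A"),
    ("192.0.2.10", 80, "10.0.0.9", 51002, "R"),   # RST back: port 80 unfiltered
    ("192.0.2.10", 443, "10.0.0.9", 51003, "R"),  # RST back: port 443 unfiltered
]


def find_ack_probes(packets):
    """Return bare-ACK segments that no earlier SYN set up, as (src, sport, dst, dport)."""
    handshakes = set()  # both directions of every connection that started with a SYN
    probes = []
    for src, sport, dst, dport, flags in packets:
        if flags == "S":
            handshakes.add((src, dst, dport))
            handshakes.add((dst, src, sport))  # so the server's own ACKs are not flagged
        elif flags == "A" and (src, dst, dport) not in handshakes:
            probes.append((src, sport, dst, dport))
    return probes


def detect_ack_scans(packets, min_ports=3):
    """Map each source that probed at least min_ports distinct ports to those ports."""
    ports_by_src = defaultdict(set)
    for src, _, _, dport in find_ack_probes(packets):
        ports_by_src[src].add(dport)
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


def probe_outcomes(packets):
    """Classify each probed port the way the scanner would: an RST back means
    unfiltered, silence means a filter dropped the probe."""
    rsts = {(s, sp, d, dp) for s, sp, d, dp, f in packets if f == "R"}
    return {(dst, dport): "unfiltered" if (dst, dport, src, sport) in rsts else "filtered"
            for src, sport, dst, dport in find_ack_probes(packets)}


if __name__ == "__main__":
    print("ACK scanners:", detect_ack_scans(SAMPLE_PACKETS))
    print("Probe outcomes:", probe_outcomes(SAMPLE_PACKETS))
```

On the constructed trace, 10.0.0.9 is reported as an ACK scanner and ports 80 and 443 show as unfiltered (the host's RST got back out), while 22 and 25 show as filtered.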
Reposted from: https://www.cnblogs.com/sec875/articles/10028382.html