Investigate the idle scan, also known as blind port scanning or zombie scanning. Lisa Bock covers using the idle scan to stay totally in stealth mode by routing packets through an innocent bystander, or zombie, making the scan harder to trace. Understand that the key to this scan is finding a suitable zombie that is truly idle and increments the ID field in the IP header.
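The property the video keeps coming back to, a host whose IP ID field simply counts up by one per packet, is also what a defender should check for on their own systems, because such a host is the "suitable zombie" described here. The following Python checker is an added example, not code from the course or from Lisa Bock: it classifies a host's IP ID generation from a sample of IP ID values taken from packets the host sent. The sample sequences and the small-step threshold used to tell a "busy" counter from a random generator are constructed assumptions.

```python
"""Classify how a host generates the IP ID field from observed values.

Feed it the IP ID values seen in successive packets from ONE host (for
example, replies to probes of a closed port on a host you administer).
A host that returns "incremental" is a textbook idle-scan zombie and
should be moved to a random or per-destination IP ID scheme.
"""
from typing import List

WRAP = 1 << 16          # the IP ID field is 16 bits wide
BUSY_STEP_MAX = 16      # assumed threshold: small positive steps = counter + other traffic


def ipid_deltas(ids: List[int]) -> List[int]:
    """Successive differences modulo 2**16, so a counter wrap is not misread."""
    return [(b - a) % WRAP for a, b in zip(ids, ids[1:])]


def classify_ipid(ids: List[int]) -> str:
    """Return all-zero, constant, incremental, incremental-byteswapped,
    incremental-busy or random for the observed IP ID sequence."""
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    if not all(0 <= i < WRAP for i in ids):
        raise ValueError("IP ID values must fit in 16 bits")
    if all(i == 0 for i in ids):
        return "all-zero"                  # host never sets the field; unusable as a zombie
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"                  # fixed value; gives an attacker no signal
    if all(d == 1 for d in deltas):
        return "incremental"               # +1 per packet and truly idle: the zombie case
    if all(d == 256 for d in deltas):
        return "incremental-byteswapped"   # +1 counter stored byte-swapped; still predictable
    if all(1 <= d <= BUSY_STEP_MAX for d in deltas):
        return "incremental-busy"          # counting, but the host is sending other traffic
    return "random"


def is_predictable_ipid(ids: List[int]) -> bool:
    """True when the host's IP ID behaviour could be abused by an idle scan."""
    return classify_ipid(ids).startswith("incremental")


if __name__ == "__main__":
    # Constructed sample: the value 27694 from the video, then three more probes.
    sample = [27694, 27695, 27696, 27697]
    print(classify_ipid(sample), is_predictable_ipid(sample))
```

Collect the values from a packet capture of the host's own replies rather than from a single probe; a sequence of at least a handful of packets is needed to separate an idle counter from a busy one.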
- [Voiceover] In order to be totally in stealth mode, use the idle scan. The basic concept is you use an innocent bystander or zombie to send packets through and make the scan harder to trace. The idle scan is a bit more complex than most scans. With an idle scan, we're scanning a target system via a third party or zombie. Port status is not important with the idle scan. The goal with this scan is to obtain the IP identification number in the IP header.
If the zombie increments the ID field, then the zombie is a good target candidate for the scan. Let's step through the idle scan. First, we'll send a TCP scan to the zombie on a port that is expected to be closed, in order to obtain the IP header ID. Now, we're waiting for the reset. Once we get the reset, then what we do is note the identification field value.
Here we see 27694. The second step is then we'll send a TCP scan to the target using the zombie's IP address. If the port is closed, a reset will be sent to the zombie. Because the zombie never sends something…
This course investigates the scanning tools and techniques used to obtain information from a target system, including specially crafted packets, TCP flags, UDP scans, and ping sweeps. Lisa Bock discusses how hackers can identify live systems via protocols, blueprint a network, and perform a vulnerability scan to find weaknesses. She also introduces some of the tools and techniques that hackers use to counter detection via evasion, concealment, and spoofing. In addition, learn how to reduce the threat of tunneling, a method hackers use to circumvent network security.
Note: Our Ethical Hacking series maps to the 18 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312-50). This course maps to the 03 Scanning Networks domain.
- Scanning overview
- Port scanning countermeasures
- Scanning and querying DNS
- Scanning with ICMP
- Mapping (or blueprinting) a network
- Scanning for vulnerabilities
- Using tools such as hping and NetScan
- Evading detection
- Concealing your network traffic
- Preventing tunneling