I've been wrestling with this question for some time now, perhaps someone
(or many) can give me your thoughts.
There are systems that detect intruders or beak-in attempts, apparently part
of that "detection" is the identification or logging of a port scanner.
BUT, there are scanners out there that claim to be "stealth" scanners by
sending the FIN bit.
If I understand it correctly, the FIN bit basically states that "this is the
end of transmission", then the host sends an RST bit. If this is the case,
then how can this be considered stealth since the scanner sending the FIN
bit is a) awaiting the RST response, and b) must have it's IP address in the
packet?
Are there other methods of scanning which truly are stealth, or is it
currently not possible to port scan in stealth mode?
Any insights to this, or perhaps a better explanation of the FIN bit is
greatly appreciated.
Thanks.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
