During a vulnerability scan, you need to ensure that the scanning activities are as discreet as possible. Which protocol would be preferable for stealth scanning to reduce the chance of detection by network security devices?
A TCP connect scan is regarded as less stealthy because it completes the three-way handshake, which makes the scan easier for security devices to detect and log. A SYN scan, however, is more discreet: it sends a SYN packet and, if a SYN-ACK is received, does not complete the handshake but replies with an RST instead. This behavior is sometimes referred to as a 'half-open' scan because no full TCP connection is ever established, which reduces the scan's footprint and its likelihood of detection.