1
00:00:00,240 --> 00:00:04,620
Up to now, we have seen the most important scanning types to discover a network.

2
00:00:05,370 --> 00:00:09,740
There are some other scanning techniques in Nmap which are not used as much as the others.

3
00:00:09,750 --> 00:00:16,110
But in some cases you may need to find some other ways to be able to discover the sensitive hosts in

4
00:00:16,110 --> 00:00:16,680
a network.

5
00:00:17,250 --> 00:00:23,370
In this slide, we'll see three more scan types: Null, FIN and Xmas scans.

6
00:00:24,430 --> 00:00:30,640
The common ground of these three scanning methods, Null, FIN and Xmas scans, is that they send packets

7
00:00:30,640 --> 00:00:36,040
to the target systems in which SYN, ACK and RST flags are not set.

8
00:00:37,320 --> 00:00:42,180
Null scan, -sN, does not set any bits.

9
00:00:42,870 --> 00:00:45,600
That is, the TCP flag header is zero.

10
00:00:46,110 --> 00:00:51,270
FIN scan, -sF, sets just the TCP FIN bit.

11
00:00:52,340 --> 00:01:02,000
Xmas scan, -sX, sets the FIN, PSH and URG flags, lighting the packet up like a Christmas

12
00:01:02,000 --> 00:01:02,300
tree.

13
00:01:03,780 --> 00:01:07,440
There are two rules defined in RFC standards about such packets.

14
00:01:08,780 --> 00:01:15,740
The first rule is: if the destination port state is closed, an incoming segment not containing a RST

15
00:01:16,130 --> 00:01:18,680
causes a RST to be sent in response.

16
00:01:19,400 --> 00:01:22,190
The second rule is: packets sent to open ports

17
00:01:22,190 --> 00:01:26,120
without the SYN, RST or ACK bit set are dropped.

18
00:01:27,550 --> 00:01:34,960
These three scan types are exactly the same in behavior, except for the TCP flags set in probe packets.

19
00:01:36,070 --> 00:01:44,080
If a RST packet is received, the port is considered closed, while no response means it is open or

20
00:01:44,080 --> 00:01:44,440
filtered.

21
00:01:45,390 --> 00:01:54,420
If an ICMP unreachable error, type 3, code 0, 1, 2, 3, 9, 10 or 13, is received,

22
00:01:55,320 --> 00:02:01,410
the port is marked as filtered. So as a result, with these types of scans, you can find out if a

23
00:02:01,410 --> 00:02:02,640
port is closed or not.

24
00:02:03,150 --> 00:02:06,870
It's not possible to understand if it's open or filtered if there's no response.

25
00:02:07,720 --> 00:02:14,020
This scan is different than the others discussed so far in that it never determines open or even open|

26
00:02:14,020 --> 00:02:14,980
filtered ports.

27
00:02:15,980 --> 00:02:22,760
It's used to map out firewall rulesets, determining whether they're stateful or not and which ports

28
00:02:22,760 --> 00:02:23,240
are filtered.

29
00:02:24,140 --> 00:02:27,680
The ACK scan probe packet has only the ACK flag set.

30
00:02:28,710 --> 00:02:33,750
When scanning unfiltered systems, open and closed ports will both return a RST packet.

31
00:02:34,820 --> 00:02:39,280
Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet,

32
00:02:39,650 --> 00:02:42,320
but whether or not they're open or closed is undetermined.

33
00:02:43,360 --> 00:02:47,740
Ports that don't respond, or send certain ICMP error messages back,

34
00:02:47,860 --> 00:02:54,310
type 3, code 0, 1, 2, 3, 9, 10 or 13, are labeled filtered.