Nowadays almost every system is protected by a firewall or an Intrusion Detection System (IDS). Nmap provides several ways to get a port scan past these firewalls or IDS. In this post we will learn some of the paths Nmap offers for scanning ports through a firewall.

TCP ACK Scan

IDS/firewalls can identify the SYN packets sent by a normal scan, but the ACK scan (-sA) sends acknowledgment packets instead, and a firewall that only inspects SYN packets does not log ACK packets. This is the most used firewall bypassing method in Nmap. It only works against stateless packet filters, though: a stateful firewall tracks connections, drops unsolicited ACKs, and makes every port appear filtered.

Performing the ACK scan is very easy; we did it in the previous post. The command for it is the following:

So we need to understand the difference between an ACK scan and a normal scan. The ACK scan shows unfiltered and filtered ports, while a normal scan shows only the open ports. Both screenshots follow.

(Screenshot: TCP ACK Scan)
(Screenshot: Normal Scan)

TCP Window Scan

The TCP Window scan (-sW) is almost the same as a TCP ACK scan, but it reads the TCP window field of the RST packets that come back, so it shows open and closed ports instead of unfiltered and filtered ones.

To do this we need to run the following command in the terminal:

The difference between a normal scan and a window scan is that a normal scan shows only open ports, while a window scan shows both open and closed ports. Let's make it clear by looking at screenshots of both scans.

(Screenshot: TCP Window Scan)
(Screenshot: Normal Scan)

Idle Scan

Idle scan (-sI) is the most advanced scan in Nmap. No packet reaches the target from the attacker's own address, so the target can't trace the attacker. It uses a zombie host as the medium between the attacker's machine and the target's system. To know how it actually works we can check this site.

The command for an idle scan is:
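As an added illustration for the three scans above (not code from the original post and not Nmap's own code), the Python below models how each scan turns the reply it receives into the port state Nmap prints, which is the difference the screenshots are meant to show: the ACK scan only learns unfiltered/filtered, the window scan splits that into open/closed from the RST's window field, and the idle scan reads the zombie's IP ID change. From the defender's side it also flags a source that sends bare ACK packets to many ports with no established connection, the traffic pattern an ACK scan leaves behind. All reply kinds, IP ID values, addresses and packet records are constructed, and the function names are my own.

```python
"""Model of how Nmap's ACK, window, SYN and idle scans classify a port.

Added illustration, not Nmap's code. Nothing here sends packets: the replies,
zombie IP IDs and packet records are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Reply:
    """What came back for one probe: 'rst', 'synack', 'none' or 'icmp_unreach'."""
    kind: str
    window: int = 0  # TCP window field of a RST; only the window scan looks at it


def ack_scan_state(reply: Reply) -> str:
    """ACK scan (-sA): a RST proves the probe reached the host (unfiltered);
    silence or an ICMP unreachable means a filter dropped it. Open vs closed
    is never learned, which is why the ACK scan output lists only these two."""
    return "unfiltered" if reply.kind == "rst" else "filtered"


def window_scan_state(reply: Reply) -> str:
    """Window scan (-sW): same ACK probe, but on systems whose RSTs carry a
    non-zero window for open ports it can split 'unfiltered' into open/closed."""
    if reply.kind != "rst":
        return "filtered"
    return "open" if reply.window > 0 else "closed"


def syn_scan_state(reply: Reply) -> str:
    """Normal (SYN) scan (-sS), for comparison: SYN/ACK = open, RST = closed."""
    return {"synack": "open", "rst": "closed"}.get(reply.kind, "filtered")


def idle_scan_state(ipid_before: int, ipid_after: int) -> str:
    """Idle scan (-sI): the zombie's IP ID is sampled before and after the
    spoofed SYN. Open port -> target SYN/ACKs the zombie -> zombie sends a RST
    -> ID advanced by 2. Closed or filtered -> zombie only answers the second
    probe -> advanced by 1. Anything else means the zombie was not idle."""
    delta = (ipid_after - ipid_before) % 65536  # IP ID is a 16-bit counter
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "unknown (zombie busy, not idle)"


def compare_scans(reply: Reply) -> dict:
    """What each scan type would print for the same port given this reply."""
    return {
        "normal": syn_scan_state(reply),
        "ack": ack_scan_state(reply),
        "window": window_scan_state(reply),
    }


# Constructed packet records as a sensor might log them: a bare-ACK sweep from
# one source (no established flow) plus ordinary ACKs inside real connections.
SAMPLE_PACKETS = [
    {"src": "198.51.100.7", "dport": p, "flags": "A", "established": False}
    for p in range(1, 13)
] + [
    {"src": "192.0.2.5", "dport": 443, "flags": "A", "established": True},
    {"src": "192.0.2.5", "dport": 22, "flags": "A", "established": True},
]


def ack_sweep_sources(packets, min_ports: int = 10) -> list:
    """Defender's check: sources sending ACK-only packets, outside any tracked
    connection, to at least `min_ports` distinct ports. A stateful firewall
    drops these anyway; a stateless one forwards them, so the sweep must be
    caught here from the traffic pattern itself."""
    ports_by_src = defaultdict(set)
    for pkt in packets:
        if pkt["flags"] == "A" and not pkt["established"]:
            ports_by_src[pkt["src"]].add(pkt["dport"])
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    print("ACK-probe RST, window 1024 ->", compare_scans(Reply("rst", window=1024)))
    print("zombie IP ID 1000 -> 1002 ->", idle_scan_state(1000, 1002))
    print("bare-ACK sweep sources ->", ack_sweep_sources(SAMPLE_PACKETS))
```

The window-scan rule is the part to treat with care: only some operating systems set a positive window on RSTs for open ports, so on other targets the window scan collapses back to the ACK scan's unfiltered/filtered view; the detector likewise only sees what a stateless filter lets through, which is exactly why it keys on bare ACKs with no matching connection.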