Scan Types supported by Nmap (cont.)
• TCP SYN (-sS)
– Sends only the initial SYN and waits for a SYN-ACK to detect an open port
– SYN scans stop two-thirds of the way through the 3-way handshake
– Also known as a half-open scan
– The attacker sends a RESET after receiving a SYN-ACK response
– A true connection is never established
– If the target port is closed, the destination will send a RESET or nothing
– Faster and stealthier than Connect scans
– A SYN flood may cause an accidental denial-of-service attack if the target is slow
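
Seen from the defender's side, the half-open pattern above (SYN, SYN-ACK, then RESET instead of the final ACK) can be picked out of packet records. The following is an added example, not part of the original slides: the packet tuples are constructed, the function names are hypothetical, and the three-port threshold is an assumption.

```python
from collections import defaultdict

# Constructed sample capture: (src, sport, dst, dport, tcp_flags).
# Addresses are documentation ranges; nothing here comes from the slides.
PACKETS = [
    ("198.51.100.7", 40001, "192.0.2.10", 22, "S"),
    ("192.0.2.10", 22, "198.51.100.7", 40001, "SA"),
    ("198.51.100.7", 40001, "192.0.2.10", 22, "R"),   # RESET instead of ACK
    ("198.51.100.7", 40002, "192.0.2.10", 23, "S"),
    ("192.0.2.10", 23, "198.51.100.7", 40002, "RA"),  # closed port answers RESET
    ("198.51.100.7", 40003, "192.0.2.10", 25, "S"),   # nothing comes back
    ("203.0.113.5", 51000, "192.0.2.10", 22, "S"),    # ordinary client
    ("192.0.2.10", 22, "203.0.113.5", 51000, "SA"),
    ("203.0.113.5", 51000, "192.0.2.10", 22, "A"),    # handshake completed
]

def classify_flows(packets):
    """Label each client-initiated flow by how its handshake ended."""
    flows = {}  # (client, cport, server, sport) -> [(direction, flags), ...]
    for src, sport, dst, dport, flags in packets:
        if flags == "S":                                  # bare SYN opens a flow
            flows[(src, sport, dst, dport)] = []
        elif (src, sport, dst, dport) in flows:           # client -> server
            flows[(src, sport, dst, dport)].append(("c", flags))
        elif (dst, dport, src, sport) in flows:           # server -> client
            flows[(dst, dport, src, sport)].append(("s", flags))
    states = {}
    for key, events in flows.items():
        first = events[0] if events else None
        nxt = events[1] if len(events) > 1 else None
        if first is None:
            states[key] = "no-reply"
        elif first[0] == "s" and "R" in first[1]:
            states[key] = "closed"
        elif first == ("s", "SA") and nxt and nxt[0] == "c" and "R" in nxt[1]:
            states[key] = "half-open"                     # checked before ACK: "RA" has both
        elif first == ("s", "SA") and nxt and nxt[0] == "c" and "A" in nxt[1]:
            states[key] = "established"
        else:
            states[key] = "incomplete"
    return states

def scan_suspects(packets, min_ports=3):
    """(client, server) pairs with never-completed handshakes on >= min_ports ports."""
    ports = defaultdict(set)
    for (client, _, server, dport), state in classify_flows(packets).items():
        if state != "established":
            ports[(client, server)].add(dport)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}
```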