Re: XMAS Scanning

[Erich Buri <buri () z17 net>]

> Based on my understanding. "If a packet is sent to a closed port with 
> any control bit except RST, then the port will send a RST packet".

> Now my question is, why does XMAS scanning sets control
> bit to FIN/URG/PSH.

XMAS-Scan is called XMAS-scan becaus all Flags show up like bulps on a 
x-mas-tree!

> Is it not enough to set any one of the three control bit ?

Some implementations may respond diffrent to diffrent combinations of 
flags. That's why we have all the different methods.

gruss
buri


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------