TCP-ACK Scanning?

TCP-ACK Scanning

TCP-ACK is the third step of the TCP 3-Way Handshake process (SYN, SYN-ACK, ACK). In this step, the client acknowledges the server's response and establishes the connection, after which data transfer and any other communication can proceed.

[Figure: TCP three-way handshake process]

 

TCP-ACK Scanning:   

In this scan, ACK packets are sent to the target port to determine whether that port is filtered or unfiltered. For a filtered port, there will be either no response or an ICMP destination unreachable reply. For an unfiltered port, an RST reply packet is sent back, and this happens for both open and closed ports.

 

Procedure:

This scan is useful when the firewalls are stateless, i.e., they block all incoming connections just by blocking the first packet of the TCP 3-Way Handshake process, the SYN packet. A stateless firewall still allows ACK packets, because it has to let internal hosts communicate with the rest of the internet.

This scan doesn't work against stateful firewalls. To demonstrate, we will use a simple yet very powerful scanning tool called Nmap.

 

ACK scan command usage:

nmap -sA -T4 <anydomain address>

[Figure: Nmap scan result]

 

Typical probe responses and the state assigned to each:

  1. TCP RST response – unfiltered
  2. No response received – filtered
  3. ICMP unreachable error – filtered

In the above nmap scan result, you can see the port, state, and service for each probed port after a successful TCP ACK scan.

    PORT       STATE        SERVICE
    80/tcp     unfiltered   http
    443/tcp    unfiltered   https

Prevention:

  • First things first, always have a firewall set up to filter these types of scans.
  • Always configure the server with best practices.
  • Monitor all the scans that are being performed on the server.
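
To make the filtering and monitoring points concrete, here is an added example (not from the original page) that tracks handshakes the way a stateful firewall does and flags sources sending ACKs that belong to no connection. The packet records, function names and the threshold of 3 ports are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample packets (not from the original page):
# (src_ip, src_port, dst_ip, dst_port, tcp_flags)
SAMPLE_PACKETS = [
    ("198.51.100.7", 40000, "192.0.2.10", 443, "S"),   # client opens a connection
    ("192.0.2.10", 443, "198.51.100.7", 40000, "SA"),  # server answers
    ("198.51.100.7", 40000, "192.0.2.10", 443, "A"),   # handshake completes
    ("203.0.113.5", 51000, "192.0.2.10", 22, "A"),     # bare ACKs, no handshake
    ("203.0.113.5", 51000, "192.0.2.10", 80, "A"),
    ("203.0.113.5", 51000, "192.0.2.10", 443, "A"),
    ("203.0.113.5", 51000, "192.0.2.10", 3306, "A"),
]

def stateless_allows(flags):
    """Stateless rule described in the text: drop only the initial SYN."""
    return flags != "S"

def find_ack_scanners(packets, threshold=3):
    """Track handshakes like a stateful firewall and return the sources whose
    out-of-state ACKs reached at least `threshold` distinct ports."""
    syn_seen = set()          # flows where a SYN was observed
    established = set()       # flows where the SYN was answered with SYN-ACK
    stray = defaultdict(set)  # src_ip -> ports hit by out-of-state ACKs
    for src, sport, dst, dport, flags in packets:
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if flags == "S":
            syn_seen.add(flow)
        elif flags == "SA" and reverse in syn_seen:
            established.add(reverse)
        elif flags == "A" and flow not in established and reverse not in established:
            # A stateful firewall drops this packet; a stateless one lets it
            # through, and the host answers with RST.
            stray[src].add(dport)
    return {src: sorted(ports) for src, ports in stray.items()
            if len(ports) >= threshold}

if __name__ == "__main__":
    print(find_ack_scanners(SAMPLE_PACKETS))
```

The legitimate client's ACK matches a tracked handshake and is ignored, while every bare ACK passes the stateless rule and is only caught once connection state is tracked.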
