• XMAS Scan: This scan, also referred to as a TCP scan, works by sending packets to the port. These packets can be PSH, URG, or FIN flags. If the target ports send a reset response, then the ports are closed.
• FIN Scan: Like an XMAS scan, a FIN scan sends a FIN flag, and if there is no response the port is open.
• ACK Scan: An ACK scan does not determine if a port is open or closed. Instead, it determines if the port is protected by a firewall or another protection system.
• Null Scan: Null scanning is similar to XMAS scanning, except that it sends a packet with without TCP flags set.
• Idle Scan: An idle scan is a scan that takes advantage of the predictable IP ID flaw exploit without revealing the hacker’s IP address.
Enumeration
Enumeration is the mathematical and computer science concept of listing all items in a set. The term is used in hacking to refer to checking all of the ports on a target system. Enumeration is the process of establishing a connection with the target system to perform queries to gain a basic knowledge of the network. Enumeration is essentially scanning ports to find information about the network. During enumeration, a hacker can extract information about file shares, usernames, group names, IP tables, hostnames, and other information. There are several types of protocols used in enumeration. The enumeration protocols are NetBIOS (Network Basic Input/Output System), SNMP (Simple Network Management Protocol), LDAP (Lightweight Directory Access Protocol), NTP (Network Time Protocol), SMTP (Simple Mail Transfer Protocol), DNS (Domain Name System), SMB (Server Message Block), and Linux/Windows. Enumeration is vital to hacking because the information gathered can be used in penetration attacks. Below is a list of Ports used in enumeration: