A security analyst suspects that an attacker is scanning their network. They notice a large number of TCP SYN packets being sent to various ports on a single host, but no SYN-ACK responses are returned. Which type of scan is most likely being used?
Trap 1: TCP connect scan
TCP connect scan completes the handshake, so SYN-ACK would be received from open ports.
Trap 2: UDP scan
UDP scans send UDP datagrams, not TCP SYN packets.
Trap 3: FIN scan
FIN scan sends FIN packets, not SYN.
- A: TCP connect scan
  Why wrong: TCP connect scan completes the handshake, so SYN-ACK would be received from open ports.
- B: UDP scan
  Why wrong: UDP scans send UDP datagrams, not TCP SYN packets.
- C: SYN scan
  SYN scan sends SYN packets; lack of SYN-ACK indicates filtered/closed ports.
- D: FIN scan
  Why wrong: FIN scan sends FIN packets, not SYN.