Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
While these TCP scans require sophisticated configuration, they can be easily performed with port-scanning tools such as Nmap Security Scanner. This type of scan usually does not negatively affect the network, but scans help attackers take steps to discover and exploit any known vulnerabilities for those services.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
An attacker initiates a TCP NULL, FIN, or XMAS scan to search for devices and services listening on open ports. First, the attacker sends a manipulated TCP packet to several ports on a network, which is designed to confuse a device into not responding. If an RST packet is received as a response, the port is considered closed, while no response means that the port is open or filtered. These types of TCP scans are stealthy because the TCP connection is not established or logged as a transaction. These scans are also useful when more common TCP SYN port scans are blocked by the network.
Quarantine devices with unexpected scanning behavior to prevent further network access
Disable services that are not required and close unnecessary ports
Enforce security zones by implementing network segmentation and firewall policies to limit how devices can communicate
