
DETECTION OVERVIEW

TCP SYN Scan

Risk Factors

Port scans are easy to run and have few disadvantages. After an attacker identifies services responding on an open port, they could flood that device with a large number of SYN packets to keep it from serving legitimate requests from the network, or take steps to exploit any vulnerabilities known for that service.

The system might change the risk score for this detection.

Kill Chain

Reconnaissance

Risk Score

37

Attack Background

An attacker initiates a TCP SYN scan to search for services listening on open ports. Port scans are a common form of reconnaissance, which an attacker will perform after the initial compromise. Tools for performing such scans are widely available, including the popular Nmap Security Scanner.
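
One way to spot the behavior described above in connection records, as an added example that is not part of the original page and is not RevealX's detection logic: it flags a source that tries many distinct ports on one host while almost never completing a handshake. The record format, the state labels, the function name and both thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), one per TCP connection attempt:
# "src dst dport state". The state labels are assumptions for this example:
#   SYN_RST     SYN answered with RST (closed port)
#   HALF_OPEN   SYN and SYN-ACK seen, client never completed the handshake
#   SYN_ONLY    SYN sent, no reply seen
#   ESTABLISHED three-way handshake completed
SAMPLE = (
    [f"10.0.0.5 10.0.0.20 {p} SYN_RST" for p in range(1000, 1020)]
    + ["10.0.0.5 10.0.0.20 22 HALF_OPEN", "10.0.0.5 10.0.0.20 443 HALF_OPEN"]
    + ["10.0.0.8 10.0.0.20 443 ESTABLISHED"] * 30   # busy but normal client
    + ["10.0.0.9 10.0.0.20 80 ESTABLISHED", "10.0.0.9 10.0.0.20 8080 SYN_ONLY"]
    + ["truncated record"]                           # malformed, must be skipped
)


def find_syn_scanners(lines, min_ports=15, max_completed_ratio=0.1):
    """Return {(src, dst): sorted ports} for pairs that look like a SYN scan.

    A pair is flagged when the source tried at least min_ports distinct ports
    on the destination and at most max_completed_ratio of its attempts ended
    in a completed handshake. Both thresholds are illustrative assumptions.
    """
    ports = defaultdict(set)      # (src, dst) -> distinct destination ports
    attempts = defaultdict(int)   # (src, dst) -> connection attempts seen
    completed = defaultdict(int)  # (src, dst) -> completed handshakes
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records instead of failing the run
        src, dst, dport, state = parts
        key = (src, dst)
        attempts[key] += 1
        ports[key].add(int(dport))
        if state == "ESTABLISHED":
            completed[key] += 1

    findings = {}
    for key, seen in ports.items():
        if len(seen) >= min_ports and completed[key] / attempts[key] <= max_completed_ratio:
            findings[key] = sorted(seen)
    return findings


if __name__ == "__main__":
    for (src, dst), seen in find_syn_scanners(SAMPLE).items():
        print(f"possible SYN scan: {src} -> {dst}, {len(seen)} ports probed")
```

The completed-handshake ratio is what keeps the busy client at 10.0.0.8 out of the results; counting connection attempts alone would flag it.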

Mitigation Options

If the device running the scan is unfamiliar or the activity is unexpected, quarantine the device to prevent further network access.

MITRE ATT&CK ID
