Signature Detail

SCAN: NMAP XMAS TCP Packet

This signature detects attempts to scan the system for ports using NMAP scanner. Attackers can send TCP URG and PUSH packets with some or no options set in the options byte and wait for a response. Open ports should not respond; if no service is running or if no daemon is listening, the port is closed and the system responds with a RST message.

Extended Description

A successful scan may expose information to assist an attacker in conducting further attacks. The impact depends on how a target system handles such attacks.

References

• URL: http://www.insecure.org/nmap/
• URL: http://svn.digium.com/view/cheops-ng/tags/deblah/nmap/docs/nmap_manpage.html?rev=7&view=markup