
What Is an Idle Scan?

Article Details
  • Written By: Alex Newth
  • Edited By: Angela B.
  • Last Modified Date: 29 August 2016
  • Copyright Protected: 2003-2016 Conjecture Corporation

An idle scan, also known as a zombie scan, is used by hackers to scan Transmission Control Protocol (TCP) ports in an attempt to map the victim’s system and find out its vulnerabilities. This attack is one of the more sophisticated hacker techniques, because the hacker is not identified through his or her real computer but through a controlled zombie computer that masks the hacker’s digital location. Most administrators just block the Internet Protocol (IP) address of the hacker but, since this address belongs to the zombie computer and not the hacker’s real computer, this does not resolve the issue. Once the idle scan is complete, it shows each port as open, closed or blocked, and the hacker knows where to start an attack.

An idle scan attack begins with the hacker taking control of a zombie computer. A zombie computer may belong to a regular user, and that user may have no idea that his or her computer is being used for malicious attacks. The hacker is not using his or her own computer to do the scan, so the victim will only be able to block the zombie, not the hacker.


After taking control of a zombie, the hacker will sneak into the victim’s system and scan all the TCP ports. These ports are used to accept connections from other machines and are needed to perform basic computer functions. When the hacker performs an idle scan, each port falls into one of three categories: open ports accept connections, closed ports deny connections, and blocked ports give no reply.

Open ports are the ones hackers look for, but closed ports also can be used for some attacks. An open port exposes vulnerabilities in the program associated with that port. Both closed and open ports can reveal vulnerabilities in the operating system (OS). The idle scan itself rarely initiates the attack; it just shows the hacker where he or she can start an attack.

To defend a server or website, the administrator has to work with firewalls and ingress filters. The administrator should check that the firewall does not produce predictable IP sequences, which would make it easier for the hacker to perform the idle scan. Ingress filters should be set to deny all outside packets, especially those that have the same address as the system’s internal network.
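
One way to carry out the check described above, as an added example that is not part of the original article: it assumes the "IP sequences" in question are the 16-bit IP identification (IP ID) values in packets a device sends, and classifies values captured in order from your own hosts. The host names, sample values and the `max_step` threshold are constructed for illustration.

```python
# Added example: audit IP ID predictability from samples of your own hosts.
# All host names and sample values below are constructed.

def ipid_deltas(ids):
    """Steps between consecutive 16-bit IP IDs, modulo 65536 (wraparound-safe)."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def byteswap16(value):
    """Swap the two bytes of a 16-bit value (some stacks emit the counter swapped)."""
    return ((value & 0xFF) << 8) | (value >> 8)

def classify_ipid(ids, max_step=10):
    """Classify IP IDs sampled in order from one host's replies.

    max_step is an assumed threshold: a shared counter on a quiet host
    advances by a small amount between consecutive replies.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples to judge a sequence")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"
    if all(1 <= d <= max_step for d in deltas):
        return "incremental"
    swapped = ipid_deltas([byteswap16(v) for v in ids])
    if all(1 <= d <= max_step for d in swapped):
        return "incremental-byteswapped"
    return "unpredictable"

PREDICTABLE = {"incremental", "incremental-byteswapped"}

def audit(samples):
    """Map each host to (classification, needs_attention)."""
    report = {}
    for host, ids in samples.items():
        kind = classify_ipid(ids)
        report[host] = (kind, kind in PREDICTABLE)
    return report

SAMPLES = {
    "fw-edge": [65533, 65534, 65535, 0, 1],        # counter wrapping at 2**16
    "print-srv": [1, 257, 513, 769],               # counter sent byte-swapped
    "web-01": [41237, 902, 30011, 57764, 12],      # randomized per packet
    "lb-01": [0, 0, 0, 0],                         # fixed value
}

if __name__ == "__main__":
    for host, (kind, flag) in audit(SAMPLES).items():
        print(f"{host:10} {kind:24} {'REVIEW' if flag else 'ok'}")
```

Hosts flagged for review are the ones whose counter an outside party could predict; the usual remedy is a vendor setting or update that randomizes the field.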
