On Sat, Dec 08, 2001 at 11:07:40AM +0100, Jih?ne Krich?ne wrote: > Do any one know nmap ? Sure. > if yes, can you please answer this question ? > the -sS option checks the half opened ports on the target machine ; or > generates a TCP Syn flood attack to the target? Extract of the manpage (read the _fine_ manual *g* ) -sS TCP SYN scan: This technique is often referred to as "half-open" scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection and you wait for a response. A SYN|ACK indicates the port is listening. A RST is indicative of a non-lis tener. If a SYN|ACK is received, a RST is immedi ately sent to tear down the connection (actually our OS kernel does this for us). The primary advan tage to this scanning technique is that fewer sites will log it. Unfortunately you need root privi leges to build these custom SYN packets. With best regards Hans -- Hans-Joachim Picht, Consultant <h.picht@lnxce.net> Linux Consulting Europe http://www.lnxce.net Vogelhecke 2 D - 35447 Reiskirchen Tel: +491751629201 Fax: +49640862649 Germany ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.