Effective Detecting Method of Nmap Idle Scan

  • Hwang, Jungsik (Interdisciplinary Program of Information & Protection Graduate School, Mokpo National University)
  • Kim, Minsoo (Dept. of Information Security, Mokpo National University)
  • Received : 2018.12.10
  • Accepted : 2019.01.27
  • Published : 2019.07.31

Abstract

In recent years, attackers' information gathering through stealth port-scanning techniques has become more sophisticated. Nmap, the most widely used port scanner, supports a variety of stealth scanning techniques alongside the conventional ones. Nmap also supports the Idle scan, which differs from the other stealth scans: it is a more sophisticated technique that combines the SYN scan and ACK scan methods (SYN/ACK probes to a third-party "zombie" host, and SYN packets sent to the victim with the zombie's address as the spoofed source). Previous studies detected Idle scanning on the zombie system, not on the victim system. In this paper, we propose an effective method for detecting the Idle scan on the victim system. An Idle scan consists of two stages: probing the zombie and victim systems, and scanning the victim system. We analyzed the characteristics of both stages and found that the SYN and RST packets involved differ from those of normal traffic. Applying these characteristics in the detection method, Idle scanning is detected effectively.
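The following simulation is an added illustration of the two stages the abstract describes; it is not the paper's code and does not implement the paper's detection rule. Three hosts (attacker, zombie, victim) exchange simplified TCP packets over a network that delivers by destination only, so the attacker can inject a SYN carrying the zombie's address. The zombie's IP ID is modelled as a single global counter that increments once per datagram sent, which is the assumption the Idle scan relies on. The `victim_view` and `half_open_then_reset` functions show what the victim itself can observe: the spoofed SYN is answered by a SYN/ACK, and the zombie replies with a RST rather than the ACK that would complete a normal handshake. Addresses, port numbers and the initial IP ID value are constructed for the example; client ephemeral ports are omitted.

```python
"""Idle-scan simulation: stage 1 probes the zombie's IP ID, stage 2 makes the
victim talk to the zombie via a spoofed SYN. Added example, not the paper's
code. All addresses, ports and IP ID values are made up for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int          # service port on the victim side (ephemeral ports omitted)
    flags: str          # "S", "SA", "A" or "R"
    ipid: int = 0       # IP identification field chosen by the sender


class Net:
    """Delivers by destination only; nothing validates the source address,
    which is what allows the spoofed SYN of stage 2."""
    def __init__(self):
        self.hosts = {}

    def add(self, host):
        self.hosts[host.ip] = host
        return host

    def send(self, pkt):
        self.hosts[pkt.dst].receive(pkt, self)


class Host:
    def __init__(self, ip, open_ports=(), passive=False, ipid=1000):
        self.ip = ip
        self.open_ports = set(open_ports)
        self.passive = passive       # attacker: record replies, answer nothing
        self.ipid = ipid             # assumed: one global, incrementing IP ID
        self.seen = []               # every packet delivered to this host
        self.pending = set()         # (peer, port) of SYNs this host itself sent

    def emit(self, net, dst, dport, flags):
        self.ipid += 1               # each transmitted datagram consumes an IP ID
        net.send(Packet(self.ip, dst, dport, flags, self.ipid))

    def connect(self, net, dst, dport):
        """Legitimate client behaviour: SYN, then ACK the SYN/ACK."""
        self.pending.add((dst, dport))
        self.emit(net, dst, dport, "S")

    def receive(self, pkt, net):
        self.seen.append(pkt)
        if self.passive:
            return
        if pkt.flags == "S":
            self.emit(net, pkt.src, pkt.dport, "SA" if pkt.dport in self.open_ports else "R")
        elif pkt.flags == "SA":
            if (pkt.src, pkt.dport) in self.pending:
                self.pending.discard((pkt.src, pkt.dport))
                self.emit(net, pkt.src, pkt.dport, "A")   # complete the handshake
            else:
                self.emit(net, pkt.src, pkt.dport, "R")   # unsolicited SYN/ACK -> RST
        # "A" and "R" are accepted silently


def idle_scan(net, attacker, zombie_ip, target_ip, port):
    """Stage 1: learn the zombie's IP ID with a SYN/ACK probe (it answers RST).
    Stage 2: spoof a SYN from the zombie to the victim, then probe the zombie
    again. An open port makes the victim send SYN/ACK to the zombie, whose RST
    consumes one extra IP ID, so the counter advances by 2 instead of 1."""
    attacker.emit(net, zombie_ip, port, "SA")
    before = attacker.seen[-1].ipid
    net.send(Packet(zombie_ip, target_ip, port, "S"))   # spoofed source address
    attacker.emit(net, zombie_ip, port, "SA")
    after = attacker.seen[-1].ipid
    return "open" if after - before >= 2 else "closed|filtered"


def victim_view(victim):
    """Flag sequence per (source, port) exactly as the victim received it."""
    flows = defaultdict(list)
    for p in victim.seen:
        flows[(p.src, p.dport)].append(p.flags)
    return dict(flows)


def half_open_then_reset(victim):
    """Illustrative victim-side heuristic (not the paper's rule): a SYN whose
    SYN/ACK is met by a RST from the same source and never by an ACK. The
    zombie behaves this way in stage 2 because it never sent that SYN."""
    return {k for k, flags in victim_view(victim).items()
            if "S" in flags and "R" in flags and "A" not in flags}


def build_lab():
    net = Net()
    attacker = net.add(Host("10.0.0.1", passive=True))
    zombie = net.add(Host("10.0.0.2"))                 # idle host, predictable IP ID
    target = net.add(Host("10.0.0.3", open_ports={80}))
    client = net.add(Host("10.0.0.4"))                 # legitimate user for comparison
    return net, attacker, zombie, target, client


if __name__ == "__main__":
    net, attacker, zombie, target, client = build_lab()
    print("port 80:", idle_scan(net, attacker, zombie.ip, target.ip, 80))
    print("port 81:", idle_scan(net, attacker, zombie.ip, target.ip, 81))
    client.connect(net, target.ip, 80)
    print("victim sees:", victim_view(target))
    print("suspicious:", half_open_then_reset(target))
```

Running the script scans an open and a closed port and then makes a normal client connection, so the victim's view contains both kinds of flow side by side: the zombie's address appears with "S" followed by "R" on the open port, while the real client appears with "S" followed by "A". Note that on a closed port the victim sees only the spoofed SYN, indistinguishable from any other failed connection attempt, which is why a victim-side detector has to rely on the properties of the SYN and RST packets themselves rather than on the handshake outcome alone.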

Keywords