What is an idle scan?

Idle scanning, also known as zombie scanning, is used by hackers to scan Transmission Control Protocol (TCP) ports in an effort to map the victim's system and find its vulnerabilities. This attack is one of the more sophisticated hacker techniques because the hacker is not identified through his real computer, but through a controlled zombie computer that masks the hacker's digital location. Most administrators simply block the hacker's Internet Protocol (IP) address, but because this address belongs to the zombie computer and not to the hacker's real computer, blocking it does not solve the problem. After the idle scan is performed, the results show whether each port is open, closed or blocked, and the hacker knows where to start an attack. The zombie computer can belong to an ordinary user, who may have no idea that the computer is being used for malicious attacks. Because the hacker does not use his own computer to perform the scan, the victim can block only the zombie, not the hacker.

After taking control of the zombie, the hacker will sneak into the victim's system and scan all TCP ports. These ports are used to receive connections from other machines and are needed to perform basic computer functions. When a hacker performs an idle scan, each port is reported in one of three categories. Open ports accept connections, closed ports deny connections, and blocked ports do not respond.

Open ports are the ones hackers are looking for, but closed ports can also be used for some attacks. An open port carries the vulnerabilities of whatever is associated with that port. Both closed ports and open ports reveal vulnerabilities in the operating system (OS). The idle scan itself rarely initiates an attack; it only shows the hacker where to start one.

To protect his server or site from idle scanning, the administrator must work with firewalls and ingress filters. The administrator should check to make sure that the firewall does not create predictable IP sequences, which would make it easier for a hacker to perform idle scanning. Ingress filters should be set to deny all external packets, especially those that have the same address as the system's internal network.
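
One way to carry out the firewall check described above, as an added example that is not part of the original article. It assumes that "predictable IP sequences" refers to the Identification field of the IP header, and it classifies values sampled from a device's own replies. The host labels, sample values and the `max_step` threshold are constructed for illustration.

```python
# Added example: judge whether a device's IP ID values follow a predictable counter.
# All sample values below are constructed, not captured from a real device.

def ipid_deltas(ids):
    """Differences between consecutive 16-bit IP IDs, allowing wraparound."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, max_step=10):
    """Return 'constant', 'incremental' or 'irregular' for sampled IP IDs.

    max_step is an assumed threshold: a device with one global counter
    advances by small steps between closely spaced replies.
    """
    if len(ids) < 4:
        raise ValueError("need at least 4 samples to judge a sequence")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"       # same value every time, e.g. always 0
    if all(0 < d <= max_step for d in deltas):
        return "incremental"    # small steady steps: a predictable counter
    return "irregular"          # no small-step pattern in this sample

def audit(samples):
    """Map host label -> (classification, needs_review)."""
    report = {}
    for host, ids in samples.items():
        verdict = classify_ipid(ids)
        report[host] = (verdict, verdict == "incremental")
    return report

# Constructed samples: IP IDs read from successive replies of four devices.
SAMPLES = {
    "fw-a": [65533, 65534, 65535, 0, 1, 2],        # counter wrapping past 65535
    "fw-b": [0, 0, 0, 0, 0, 0],
    "fw-c": [41872, 1033, 59001, 22764, 8, 47310],
    "fw-d": [100, 102, 105, 106, 110, 111],        # counter shared with other traffic
}

if __name__ == "__main__":
    for host, (verdict, review) in audit(SAMPLES).items():
        note = "  <- review IP ID generation" if review else ""
        print(f"{host}: {verdict}{note}")
```

Devices reported as `incremental` are the ones whose configuration or firmware should be reviewed; the sample must come from replies taken close together, since long gaps let the counter advance past `max_step`.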
