Port scanning is carried out by both hackers and information security professionals alike to probe network hosts and discover active services. Port scanning is often instrumental in exploiting potential vulnerabilities that exist in services running on a host; hence the reason for stealth port scans that try to evade firewall/IDS devices.

Although today’s IDS can pick up almost any type of traditional stealth scans, IDS or firewall evasion does exist and is commonly performed by using packet fragmentation or by using proxy hosts. This article looks at how these basic tcp stealth scans work. (more…)