What is the disadvantage of running a TCP Connect scan compared to running a TCP SYN scan during a penetration test?
- The extra packets required may trigger an IDS alarm.
- Both open and closed ports are detected.
- Indeterminate ICMP messages are generated.
- Hosts and addresses outside the scope of the test may be scanned.
Explanation & Hint: Security tools and the underlying targeted system are more likely to log the full TCP connection of a TCP Connect scan, and intrusion detection systems (IDSs) are more likely to trigger alarms on several TCP connections from the same host. Detecting open and closed ports is not a disadvantage of a TCP Connect scan. It is the tester’s responsibility to ensure that hosts and addresses outside the scope of the penetration test are not scanned.