Question

Scanning

Subtask 1

Place your one Kali VM and one XP VM on the same virtual network. Perform an XMAS scan on the XP machine, while capturing the packets between them. You should submit the following.

1. A short explanation of the differences you see in the XMAS scan against the Windows machine versus against what happened when scanning the Kali machine. Reference your packet capture in the explanation.

Answer 1

scan on kali ip

The following iptables rules can protect you from an Xmas scan:

iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

The Xmas check, fair as the Invalid and Blade filter can’t recognize between a closed and sifted harbour, as specified over, is the bundle reaction is an ICMP mistake Nmap labels it as sifted, but as clarified on Nmap book in the event that the test is prohibited without reaction it appears opened, hence Nmap appears open ports and certain sifted ports as open|filtered

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)