SYN scan

A type of stealth scan that makes use of SYN packets.

Overview

Transmission Control Protocol (TCP) uses a three-way handshake process to establish a connection between two hosts, for which the following steps take place:

1- The host wishing to establish the connection sends a SYN packet to the target host to request a socket connection.
2- The target host responds with a SYN/ACK that acknowledges receipt of the original SYN packet and sends its own SYN to request a socket.
3- The originating host replies with an ACK, and a connection between the two hosts is established.

In a SYN scan, an attacker sends a SYN packet to a port on a target host to see how the host responds. If the host responds with a SYN/ACK packet, this means the targeted port is listening (open) and may be targeted for further attack. Meanwhile, the attacker simply drops the received SYN/ACK packet instead of acknowledging it, which means a connection is not established with the target host. Alternatively, the attacker might respond with an RST packet, which can sometimes help prevent the remote host from logging the connection attempt. If the target port on the remote host is not listening, the remote host responds with an RST packet instead (or possibly provides no response, if a firewall blocks RST packets from leaving the network).

Notes

Because a SYN scan fails to complete a TCP connection that the attacker tries to initiate with the target, it is sometimes called a “half-open” scan.

[Figure: SYN scan. How a SYN scan works. Steps 1 to 3 between the Attacker and the Web server (target): SYN to port 80, SYN/ACK, drop packet.]

See Also: port scanning, stealth scanning

Syskey

A Microsoft Windows NT utility for strengthening password security.

Overview

Syskey first was released as a post–Service Pack 2 (SP2) hotfix for Windows NT and later was included as part of Service Pack 3.
Syskey helps protect Windows NT passwords by implementing strong 128-bit encryption for password hashes instead of the previous 40-bit level of encryption. Should an attacker compromise a system and extract password hashes from the SAM database, Syskey makes cracking these hashes much more difficult. However, implementing Syskey is an irreversible step, and the encryption key must be safely stored since if it is lost or corrupted, the system will be unbootable. To provide administrators with flexibility in protecting this key, Syskey provides three key management options:

● Store the startup key locally on the system: The disadvantage is that if the system is compromised and the startup key is obtained, an attacker could crack stored passwords.
● Store the startup key on a floppy disk: The disadvantage is that the floppy disk must be inserted each time the system needs to be booted, and if the floppy is lost, the system will be unbootable. Managing large numbers of such floppies also can be an administrative headache if there are many servers
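Returning to the SYN scan entry: the half-open pattern it describes can be recognized in a packet capture by tracking how each handshake ends. The Python sketch below is an added example, not part of the original encyclopedia text; the packet tuples, addresses, state names and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture, in arrival order: (src, dst, sport, dport, TCP flags).
PACKETS = [
    ("10.0.0.5", "10.0.0.80", 40001, 80, "S"),    # normal client: full handshake
    ("10.0.0.80", "10.0.0.5", 80, 40001, "SA"),
    ("10.0.0.5", "10.0.0.80", 40001, 80, "A"),
    ("10.0.0.9", "10.0.0.80", 50001, 80, "S"),    # open port, SYN/ACK dropped
    ("10.0.0.80", "10.0.0.9", 80, 50001, "SA"),
    ("10.0.0.9", "10.0.0.80", 50002, 443, "S"),   # open port, SYN/ACK answered with RST
    ("10.0.0.80", "10.0.0.9", 443, 50002, "SA"),
    ("10.0.0.9", "10.0.0.80", 50002, 443, "R"),
    ("10.0.0.9", "10.0.0.80", 50003, 23, "S"),    # closed port: target sends RST
    ("10.0.0.80", "10.0.0.9", 23, 50003, "RA"),
    ("10.0.0.9", "10.0.0.80", 50004, 25, "S"),    # filtered: no response at all
]

def classify_flows(packets):
    """Return {(initiator, target, sport, dport): final handshake state}."""
    state = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":                        # bare SYN opens a new attempt
            state[fwd] = "no_response"
        elif state.get(rev) == "no_response":   # target's reply to the SYN
            if "R" in flags:
                state[rev] = "closed"
            elif "S" in flags and "A" in flags:
                state[rev] = "half_open"        # port is listening; ACK still owed
        elif state.get(fwd) == "half_open":     # initiator's third packet
            if "R" in flags:
                state[fwd] = "half_open_reset"
            elif "A" in flags:
                state[fwd] = "established"
    return state

def find_syn_scanners(packets, min_ports=3):
    """Report sources whose handshakes never completed on >= min_ports ports."""
    probes = defaultdict(dict)
    for (src, _dst, _sport, dport), st in classify_flows(packets).items():
        if st != "established":
            probes[src][dport] = st
    return {s: p for s, p in probes.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for source, ports in find_syn_scanners(PACKETS).items():
        print(source, dict(sorted(ports.items())))
```

A single refused or timed-out connection is normal traffic, so the threshold on distinct ports is what separates a scan from an ordinary failed connection.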