Written by shakuganz

IDLE Scan vs Decoy Scan

Dear readers, today I will be covering on IDLE scan and Decoy scan. It will not be too technical as there are already many sources giving good explanation especially on the nmap website. However, I will be covering a bit of the benefit of IDLE scan over decoy scan. Hopefully it will help you to decide which scan to use if you are stuck with which scan to use.

IDLE Scan

IDLE Scan is a port technique that utilizes a victim machine to scan the target (Look at Figure 1a). In this technique, the attacker uses the zombie machine’s IP address to make a connection so the target machine will not have any traces of the attacker scanning it. For more detail information, see IDLE scan article on nmap website here.

Figure 1: IDLE scan on open port (Credit: Wiki)

Decoy Scan

Decoy scan is another technique that is very popular to spoof the attacker’s IP when doing port scan on the target (see Figure 2). In this technique, the attacker sends packets to the target uses different IP addresses. Only one of the packets contains the attacker’s IP address. In this way, the victim will not know who is the real attacker. For more of decoy scan technique, see the nmap website here.

Figure 2: Decoy scan

IDLE Scan vs Decoy Scan

So which is good? IDLE Scan or Decoy scan? Personally, I will prefer IDLE scan as it as more beneficial. This is because IDLE scan helps to avoid Fail2Ban or Intrusion Prevention System (IPS)..

During lots of scanning, IPS may detect scanning on an important organization machine. Since the IP was spoofed to use the zombie’s IP address in IDLE scan, the IPS may block the zombie machine. For example utilizing the mail server as the zombie to scan the web server. This results in the mail server to be blocked after a while.

Decoy scan will not work as the actual IP address of the attacker is part of the list of different IP address packets sent to the target. This causes the list of IP addresses to be banned which includes the attacker’s IP address to be banned.

I hope today’s article has been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. šŸ™‚

Advertisement

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.