Our Technology

Idle Scan Step by Step

1. Probe the zombie's IP ID and record it.
2. Forge a SYN packet from the zombie and send it to the desired port on the target. Depending on the port state, the target's reaction may or may not cause the zombie's IP ID to be incremented.
3. Probe the zombie's IP ID again. The target port state is then determined by comparing this new IP ID with the one recorded in step 1.


While the section called “Idle Scan Step by Step” describes idle scan at the fundamental level, the Nmap implementation is far more complex. Key differences are parallelism for quick execution and redundancy to reduce false positives. Parallelizing idle scan is trickier than with other scan techniques because of the indirect method used to deduce port states.

SYN Stealth Scan

I’ll begin this section with an overview of the TCP connection process. Those familiar with TCP/IP can skip the first few paragraphs. When a TCP connection is made between two systems, a process known as a "three-way handshake" occurs. This involves the exchange of three packets, and synchronises the systems with each other (necessary for the error correction built into TCP; refer to a good TCP/IP book for more details). The system initiating the connection sends a packet to the system it wants to connect to. TCP packets have a header section with a flags field.

IP Protocol Scans

The IP Protocol Scan attempts to determine the IP protocols supported on a target. Nmap sends a raw IP packet without any additional protocol header (see a good TCP/IP book for information about IP packets) to each protocol number on the target machine. Receipt of an ICMP Protocol Unreachable message tells us the protocol is not in use; otherwise it is assumed open. Not all hosts send ICMP Protocol Unreachable messages (these include some firewalls, AIX, HP-UX and Digital UNIX), and such machines will report all protocols open.

Incomplete information

This is the most common and important aspect of the “variety” component of Big Data. Every data source has partial information about a particular object, and complete information can be achieved by merging the sources accordingly. An important driver of Big Data initiatives is to get the maximum information about objects by collating the data sources.

Although many operating systems are now immune from being used in this attack, some popular systems are still vulnerable,[1] making the idle scan still very effective. Once a successful scan is completed there is no trace of the attacker's IP address in the target's firewall or intrusion-detection system log. Another useful possibility is the chance of bypassing a firewall, because you are scanning the target from the zombie's computer,[7] which might have more rights than the attacker's.

Enabling better decisions

Big data technology enables analytics to be implemented in (near) real time. If modeling data is collected more frequently, it can be used to improve business rules on the fly, so that those in customer-facing roles (for example, salespeople and contact center agents, or their virtual counterparts) can achieve real-time decisioning.

Double Tagging

The first prevention measure is to remove all access ports from the default VLAN 1, since the attacker’s port must match the switch’s native VLAN. The second prevention measure is to assign the native VLAN on all switch trunks to some unused VLAN, say VLAN ID 999. Lastly, all switches should be configured to carry out explicit tagging of native VLAN frames on the trunk port.
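The following is an added example (not code from the original page) that audits a Cisco IOS-style running config for the three prevention measures above: access ports left on VLAN 1, trunks whose native VLAN is not the designated unused VLAN, and a missing global `vlan dot1q tag native`. The config excerpt is constructed sample input, and the choice of 999 as the unused native VLAN is an assumption taken from the text.

```python
import re

# Constructed IOS-style running-config excerpt (sample input, not from a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/24
 switchport mode trunk
!
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 999
!
"""

UNUSED_NATIVE_VLAN = 999  # assumed site choice for the "unused VLAN" in the text

def parse_interfaces(config: str) -> dict:
    """Map each interface name to its indented configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the interface block
    return interfaces

def audit_double_tagging(config: str, native: int = UNUSED_NATIVE_VLAN) -> list:
    """Return one finding per violated mitigation; an empty list means all three are in place."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" in lines:
            m = [re.match(r"switchport access vlan (\d+)", l) for l in lines]
            vlan = next((int(x.group(1)) for x in m if x), 1)  # IOS default access VLAN is 1
            if vlan == 1:
                findings.append(f"{name}: access port still on VLAN 1")
        elif "switchport mode trunk" in lines:
            m = [re.match(r"switchport trunk native vlan (\d+)", l) for l in lines]
            vlan = next((int(x.group(1)) for x in m if x), 1)  # IOS default native VLAN is 1
            if vlan != native:
                findings.append(f"{name}: trunk native VLAN is {vlan}, expected {native}")
    if "vlan dot1q tag native" not in config.splitlines():
        findings.append("global: native VLAN frames are not explicitly tagged (vlan dot1q tag native)")
    return findings
```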