What Is an Idle Scan?

By Alex Newth
Updated: May 16, 2024

An idle scan, also known as a zombie scan, is used by hackers to scan transmission control protocol (TCP) ports in an attempt to map the victim’s system and find out its vulnerabilities. This attack is one of the more sophisticated hacker techniques, because the hacker is not identified through his or her real computer but through a controlled zombie computer that masks the hacker’s digital location. Most administrators just block the Internet protocol (IP) address of the hacker but, since this address belongs to the zombie computer and not the hacker’s real computer, this does not resolve the issue. Once the idle scan is complete, it shows whether each port is open, closed or blocked, and the hacker will know where to start an attack.

An idle scan attack begins with the hacker taking control of a zombie computer. A zombie computer may belong to a regular user, and that user may have no idea that his or her computer is being used for malicious attacks. The hacker is not using his or her own computer to do the scan, so the victim will only be able to block the zombie, not the hacker.

After taking control of a zombie, the hacker will sneak into the victim’s system and scan all the TCP ports. These ports are used to accept connections from other machines and are needed to perform basic computer functions. When the hacker performs an idle scan, each port is reported in one of three categories: open ports accept connections, closed ports deny connections, and blocked ports give no reply.

Open ports are the ones hackers look for, but closed ports also can be used for some attacks. With an open port, there are vulnerabilities with the program associated with the port. Closed ports and open ports show vulnerability with the operating system (OS). The idle scan itself rarely initiates the attack; it just shows the hacker where he or she can start an attack.

For an administrator to defend his or her server or website, the administrator has to work with firewalls and ingress filters. The administrator should check to make sure the firewall does not produce predictable IP sequences, which will make it easier for the hacker to perform the idle scan. Ingress filters should be set to deny all outside packets, especially those that have the same address as the system’s internal network.
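The check on predictable sequences described above can be run offline against values captured from your own firewall. The sketch below is an added example, not code from the original article. It assumes "IP sequences" means the 16-bit Identification field of the IPv4 header, which is the counter an idle scan depends on. The function names, the `max_step` threshold and the sample values are constructed for illustration.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def _steps(values):
    """Successive differences modulo 2**16, so 65535 -> 0 counts as +1."""
    return [(b - a) % MOD for a, b in zip(values, values[1:])]


def _counter_like(steps, max_step):
    """True when every step is a small positive increment."""
    return all(0 < s <= max_step for s in steps)


def classify_ipid(samples, max_step=1000):
    """Label a series of IP ID values taken from consecutive replies of one device.

    samples  -- IP IDs (0..65535) in the order the replies were received
    max_step -- assumed upper bound on a counter's growth between two replies
    """
    if len(samples) < 4:
        raise ValueError("need at least 4 samples")
    if any(not 0 <= s < MOD for s in samples):
        raise ValueError("an IP ID must fit in 16 bits")
    if all(s == 0 for s in samples):
        return "all-zero"
    if len(set(samples)) == 1:
        return "constant"
    raw = _steps(samples)
    # Some stacks send the counter without converting to network byte order,
    # so also test the series with the two bytes of each value exchanged.
    swapped = _steps([((s & 0xFF) << 8) | (s >> 8) for s in samples])
    raw_ok = _counter_like(raw, max_step)
    swap_ok = _counter_like(swapped, max_step)
    if swap_ok and (not raw_ok or max(swapped) < max(raw)):
        return "incremental-byteswapped"
    if raw_ok:
        return "incremental"
    return "randomized"


def is_predictable(samples, max_step=1000):
    """True when the device exposes a counter an outside observer can follow."""
    return classify_ipid(samples, max_step).startswith("incremental")


if __name__ == "__main__":
    # Constructed sample: a global counter that wraps past 65535.
    print(classify_ipid([65533, 65534, 65535, 0, 1]))
```

A device that returns `incremental` or `incremental-byteswapped` is the kind the paragraph above warns about; `randomized` or `all-zero` means an outside observer cannot read its traffic volume from the field.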
