A penetration tester runs the command nmap -sF -p 80 192.168.1.1 against a Windows host and receives a response RST packet. What conclusion can be drawn on the status of port 80?
- port 80 is open
- port 80 is closed
- undetermined as this is a default response on a Windows system
- port 80 is open/filtered
|Explanation & Hints:
A TCP FIN scan is not useful when scanning Windows-based systems, as they respond with RST packets, regardless of the port state. The normal implication of an RST message would indicate a closed port. Since this is a Windows-based system, it will always respond with an RST message regardless of the port state.