Any type of port scanning that doesn’t actually establish
connections with ports on target hosts.
Port scanning is a set of methods for determining which ports are open and listening on a target system and is used commonly by attackers to seek out vulnerable hosts to attack. Some forms of port scanning form Transmission Control Protocol (TCP) connections to ports on target servers and are easy to detect by an intrusion detection system (IDS) set up to protect the remote network. More difficult for an IDS to detect is a stealth scan, any type of scan in which a TCP connection is not established with the remote host. Some examples of different types of stealth scans include ACK, FIN, NUL, SYN, and XMAS scans. ACK and FIN scans are especially stealthy and often can circumvent firewalls and sneak in under the radar of an IDS, but they generally work only with older operating systems that have flaws in how their Transmission Control Protocol/Internet Protocol (TCP/IP) stack is implemented