Idle (Zombie) Scan
- Requires an idle system connected to the network that you can communicate with.
The attacker system probing an idle machine, a multi-function printer. By sending a SYN/ACK, it responds with an RST packet containing its newly incremented IP ID.
Closed port
its IP ID is not incremented.
Open port
its IP ID is incremented.
Blocked by firewall
The target machine does not respond at all due to firewall rules.
This lack of response will lead to the same result as with the closed port; the idle host won’t increase the IP ID.