What is the purpose of a TCP ACK -sA scan?

The purpose of a TCP ACK -sA scan is primarily to bypass firewall rulesets and determine how a target system is filtering packets. When a TCP ACK scan is conducted, ACK packets are sent to various ports on the target. The response, or lack thereof, indicates whether the ports are open, closed, or filtered based on the firewall rules in place.

If a port is open and unfiltered, the target will respond with an RST (reset) packet. If the port is closed, the same type of response (an RST) will occur. However, if the port is filtered, meaning a firewall is preventing the ACK packet from reaching the port, there will be no response at all, indicating that the firewall is in place and actively managing traffic. This allows the practitioner to map out which firewall rules may be in effect, making it an invaluable method for understanding network boundaries and behaviors.

While other scanning techniques relate to identifying services or potential vulnerabilities, the focus of a TCP ACK scan is specifically on analyzing how a network enforces its policies regarding packet handling.