An attacker uses a TCP SYN packets as a means of purpose of host
						discovery. Typical RFC 793 behavior specifies that when a TCP port is open,
						a host must respond to an incoming SYN "synchronize" packet by completing
						stage two of the 'three-way handshake' by sending an SYN/ACK in response.
						When a port is closed, RFC 793 behavior is to respond with a RST "reset"
						packet. This behavior can be used to 'ping' a target to see if it is alive
						by sending a TCP SYN packet to a port and then looking for a RST or an ACK
						packet in response. Due to the different responses from open and closed
						ports, SYN packets can be used to determine the remote state of the port. A
						TCP SYN ping is also useful for discovering alive hosts protected by a
						stateful firewall. In cases where a specific firewall rule does not block
						access to a port, a SYN packet can pass through the firewall to the host and
						solicit a response from either an open or closed port. When a stateful
						firewall is present SYN pings are preferable to ACK pings, because a
						stateful firewall will typically drop all unsolicited ACK packets because
						they are not part of an existing or new connection. TCP SYN pings often fail
						when a stateless ACL or firewall is configured to blanket-filter incoming
						packets to a port. The firewall device will discard any SYN packets to a
						blocked port. An attacker will often alternate between SYN and ACK pings to
						discover if a host is alive. A TCP SYN ping has the following
						characteristics:1. Host Discovery: Can be used to discover if a host is alive via ACK
							or RST packets.2. Effective Against: Stateful Firewalls that allow incoming new
							connections to target ports.3. Weak Against: Stateless firewalls that blanket-filter incoming
							SYN4. Port State: Able to determine port state via SYN/ACK or RST
							response.