Distributed scan works by dividing the scanning scope among multiple attack platforms. In such case, each attack platform performs a normal scan for a small range of port numbers. Although this is not 100% spoofing mechanism, it increases the overhead of the system administrator on the other side to trace back the attacker [e.g. there could be hundreds of originating IPs.] Furthermore, those originating IPs could be compromised
hosts of innocent people.
Advantages of Distributed Scan are:
• It minimizes the scan time since multiple scanning platforms are working in parallel.
• Tracing back the attacker is a little hard since there are many originating IPs appearing in the logs of the scanned network.
Disadvantages of Distributed Scan are:
• It requires that the attacker is controlling, in one way or another, all the scanning platforms.
• There is no real spoofing in this technique since all the IP addresses appearing in the scanned network are truly the IPs of the scanning machine.
