You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
When you're trying to evade Intrusion Detection Systems (IDS), your goal is to reduce noise and avoid triggering alerts. Here's why option C is the best among the given options:
-sT: This is a TCP connect scan. While it's more detectable than a stealth SYN scan (-sS), it may blend in better with normal traffic in some networks.
-O: Enables OS detection which does generate more traffic, but since all options include some level of detail gathering, this is acceptable here.
-T0: This sets the timing template to the slowest (Paranoid), making the scan very slow but low and stealthy, thus minimizing noise and helping evade IDS.
Correct: C
T0 = timing template serializing the scan so only one port is scanned at a time, and waiting 5 minutes between sending each probe.
T1 and T2 are similar but they only wait 15 seconds and 0.4 seconds, respectively, between probes. T3 is Nmap's default behavior, which includes parallelization.
D is NOT correct:
--host-timeout <time> (Give up on slow target hosts after the timeout)
= amount of time you are willing to wait. For example, specify 30m to ensure that Nmap doesn't waste more than half an hour on a single host.
Note that Nmap may be scanning other hosts at the same time during that half an hour, so it isn't a complete loss. A host that times out is skipped. No port table, OS detection, or version detection results are printed for that host.
Source: https://nmap.org/book/man-performance.html
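To make the timing point concrete from the defender's side, here is an added example (not from this thread or from Nmap) that shows why a -T0 style scan slips past a per-minute port-probe threshold and how a long sliding window still catches it. The flow-log format, the hosts and the 300-second probe spacing are constructed for the illustration; the thresholds are assumptions.

```python
"""Slow-scan detector: flag a source that touches many distinct
destination ports over a long window, even when its probes are minutes
apart (the pacing the thread attributes to Nmap -T0)."""
from collections import defaultdict
from statistics import median

# Constructed flow log, not a real capture.
# Fields: epoch_seconds src dst dport tcp_flags
SAMPLE_LOG = """\
0 10.0.0.5 192.0.2.10 22 S
300 10.0.0.5 192.0.2.10 80 S
600 10.0.0.5 192.0.2.10 443 S
900 10.0.0.5 192.0.2.10 8080 S
1200 10.0.0.5 192.0.2.10 3306 S
1500 10.0.0.5 192.0.2.10 25 S
10 10.0.0.9 192.0.2.10 443 S
12 10.0.0.9 192.0.2.10 443 S
"""

def parse_log(text):
    """Parse the constructed log into (ts, src, dst, dport, flags) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, dport, flags = line.split()
        events.append((int(ts), src, dst, int(dport), flags))
    return events

def slow_scan_sources(events, window_s=3600, min_ports=5):
    """Return {src: max distinct (dst, port) pairs seen inside any
    window_s-second sliding window} for sources reaching min_ports.
    Only SYN-bearing flows count, matching what a SYN/connect scan emits."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, flags in events:
        if "S" in flags:
            by_src[src].append((ts, dst, dport))
    hits = {}
    for src, probes in by_src.items():
        probes.sort()
        for i, (t0, _, _) in enumerate(probes):
            targets = {(d, p) for t, d, p in probes[i:] if t - t0 <= window_s}
            if len(targets) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits

def median_probe_gap(events, src):
    """Median seconds between a source's probes; ~300 means -T0 pacing."""
    times = sorted(ts for ts, s, _, _, _ in events if s == src)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return median(gaps) if gaps else None
```

A 60-second window (a typical naive "N ports per minute" rule) reports nothing for the paced scanner, while the one-hour window flags it; the median gap of 300 seconds is the signature of the 5-minute spacing the thread describes.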