You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
unfortunately they are all noisy so you have to choose the BEST option.
B. nmap -sP -p-65535 -T5
This command uses the following options:
-sP: This option specifies a Ping scan to discover hosts that are up and running, without actually scanning any ports.
-p-65535: This option specifies that all ports from 1 to 65535 should be scanned.
-T5: This option sets the timing template to aggressive, which means that the scan will run faster
If the question specifically says that you're attempting to run a port scan and asks which scan would result in a scan of common ports, why would we us -sP which you say doesn't do any port scanning? Why would we run any kind of scan at -T5 if we're specifically asked to create as little noise as possible when we know that the speed of -T5 means all of that network traffic will get created at once?
The question mentions that it is a web server, so it is specifying the target and that is the reason why it is not necessary to search the network for new targets, and I agree that the question also mentions that it is a port scan, now if that is not enough the T5 will sound all the alarms.
Correct option is C.
-T0 option is called "paranoid" because it's slow to try and avoid detection.
"While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values."
You can find this in the official documentation:
Correct option is C.
-T0 option is called "paranoid" because it's slow to try and avoid detection.
"While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values."
You can find this in the official documentation:
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
eli117
1 month, 4 weeks agoOushi
1 year, 7 months agoStoa
1 year, 3 months agosausageman
1 month, 4 weeks agodigas
1 month, 4 weeks agoKermitdfrog
9 months agoinsaniunt
12 months agojeremy13
1 year, 6 months ago