You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
Option C (nmap -sT -O -T0) is correct:
-sT: Performs a TCP connect scan, which is less likely to be detected by IDS compared to other scan types.
-O: Enables OS detection only, to gather information about the operating system running on the target.
-T0: Sets the timing template to Paranoid, which slows down the scan to reduce the chance of detection.
This combination of options is designed to be stealthy and minimize the impact on the target system, making it less likely to trigger IDS alerts.
Options A and D are incorrect because the “-A” param is more aggressive: it enables OS detection, version detection, script scanning, and traceroute, unlike the “-O” param.
Option B is incorrect too because it scans all 65535 ports with the param “-p-65535” and uses the “-T5” param, which is the fastest timing template, designed for very fast scans. It's more likely to be detected by intrusion detection systems.
The command that would result in a scan of common ports with the least amount of noise to evade IDS is option D: nmap -A --host-timeout 99 -T1.
In this command:
-A enables OS detection, version detection, script scanning, and traceroute.
--host-timeout 99 sets the maximum amount of time in seconds to wait for a response from the host before considering it as unreachable.
-T1 sets the timing template to the slowest speed, reducing the scan speed to minimize the chance of triggering IDS alerts.
By using these options, the scan is conducted with more caution, reducing the chances of raising suspicion or triggering IDS (Intrusion Detection System) alerts. The slower scan speed allows for more discreet scanning while still performing comprehensive detection and scanning tasks.
-A: Performs an aggressive scan, which selects most of the commonly used options within nmap
-Pn: means don't ping
-p: scan specific ports
-sT: TCP Connect scan
-O: Operating system detection
-T0: timing template (extremely slow, evades FW)
C is the correct answer
Timing Templates (-T)
While the fine-grained timing controls discussed in the previous section are powerful and effective, some people find them confusing. Moreover, choosing the appropriate values can sometimes take more time than the scan you are trying to optimize. So Nmap offers a simpler approach, with six timing templates. You can specify them with the -T option and their number (0–5) or their name. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The first two are for IDS evasion. Polite mode slows down the scan to use less bandwidth and target machine resources. Normal mode is the default and so -T3 does nothing. Aggressive mode speeds scans up by making the assumption that you are on a reasonably fast and reliable network. Finally insane mode assumes that you are on an extraordinarily fast network or are willing to sacrifice some accuracy for speed.
-O: operating system
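An added example, not from this thread or from Nmap's documentation, showing from the detection side why the docs quoted above call the paranoid and sneaky templates "for IDS evasion": a simple threshold rule ("N distinct ports from one source inside a short window") fires on -T5 pacing but misses -T0 pacing, where Nmap waits about five minutes between probes, unless the window is widened. The log lines, addresses and ports are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not real traffic): "<timestamp> <src> <dst>:<port>".
PORTS = [22, 80, 443, 445, 3389, 8080]
# -T0 (paranoid) pacing: roughly five minutes between probes.
SLOW_SCAN_LOG = [f"2024-01-01 00:{5 * i:02d}:00 10.0.0.5 10.0.0.9:{p}"
                 for i, p in enumerate(PORTS)]
# -T5 (insane) pacing: the same probes land within a few seconds.
FAST_SCAN_LOG = [f"2024-01-01 00:00:{i:02d} 10.0.0.5 10.0.0.9:{p}"
                 for i, p in enumerate(PORTS)]


def parse_line(line):
    """Return (timestamp, src, port) for one constructed log line."""
    date, time, src, dst = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, src, int(dst.rsplit(":", 1)[1])


def flag_scanners(lines, window_seconds, min_ports):
    """Sources that touched >= min_ports distinct ports inside any sliding
    window of window_seconds (a minimal threshold-style IDS rule)."""
    events = {}
    for ts, src, port in map(parse_line, lines):
        events.setdefault(src, []).append((ts, port))
    flagged = set()
    for src, evs in events.items():
        evs.sort()
        seen = Counter()   # distinct ports currently inside the window
        start = 0
        for ts, port in evs:
            seen[port] += 1
            # Expire events that have fallen out of the window.
            while (ts - evs[start][0]).total_seconds() > window_seconds:
                old_port = evs[start][1]
                seen[old_port] -= 1
                if seen[old_port] == 0:
                    del seen[old_port]
                start += 1
            if len(seen) >= min_ports:
                flagged.add(src)
                break
    return flagged


if __name__ == "__main__":
    print("fast scan, 60 s rule:", flag_scanners(FAST_SCAN_LOG, 60, 5))
    print("slow scan, 60 s rule:", flag_scanners(SLOW_SCAN_LOG, 60, 5))
    print("slow scan, 1 h rule: ", flag_scanners(SLOW_SCAN_LOG, 3600, 5))
```

The same slow source is only caught when the rule keeps state over a window longer than the template's inter-probe delay, which is the trade-off -T0/-T1 exploit.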
Commenters: Nevuer (7 months, 3 weeks ago); BlackAdam (1 year, 3 months ago); guidoleonardo (3 years, 12 months ago); TrendMicroDLPSSucks (4 years, 3 months ago, three comments).