312-50V10 · Question #16
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
The correct answer is C. nmap -sT -O -T0. Nmap's -T0 (paranoid) timing template introduces maximum delays between probes, minimizing IDS detection while scanning common ports.
Question
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
Options
- Anmap -A - Pn
- Bnmap -sP -p-65535-T5
- Cnmap -sT -O -T0
- Dnmap -A --host-timeout 99-T1
How the community answered
(42 responses)- A10% (4)
- B14% (6)
- C71% (30)
- D5% (2)
Why each option
Nmap's -T0 (paranoid) timing template introduces maximum delays between probes, minimizing IDS detection while scanning common ports.
The -A flag enables aggressive scanning (OS detection, version detection, script scanning, traceroute), which generates significantly more traffic and is easily detected by IDS.
The -T5 (insane) timing template sends probes as fast as possible, generating maximum network noise that is trivial for any IDS to detect.
The -sT flag performs a full TCP connect scan, -O enables OS detection, and -T0 uses the paranoid timing template which waits up to 5 minutes between each probe. This extreme slowness is specifically designed to evade IDS by preventing correlation of sequential port probes, making it the least noisy option among the choices.
Despite using -T1 (sneaky) timing, the -A flag still runs aggressive multi-stage probes that generate enough distinctive traffic patterns to trigger IDS signatures.
Concept tested: Nmap IDS evasion using timing templates
Source: https://nmap.org/book/performance-timing-templates.html
Topics
Community Discussion
No community discussion yet for this question.