nerdexam
EC-Council

312-50V10 · Question #165

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

The correct answer is B. TCP SYN. TCP SYN scan creates a recognizable pattern of half-open connections that IDS systems are specifically designed to detect, rendering it ineffective when an IDS is monitoring the intranet.

Scanning Networks

Question

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Options

  • ASpoof Scan
  • BTCP SYN
  • CTCP Connect scan
  • DIdle scan

How the community answered

(38 responses)
  • A
    8% (3)
  • B
    74% (28)
  • C
    3% (1)
  • D
    16% (6)

Why each option

TCP SYN scan creates a recognizable pattern of half-open connections that IDS systems are specifically designed to detect, rendering it ineffective when an IDS is monitoring the intranet.

ASpoof Scan

Spoof scan uses decoy IP addresses to disguise the true source of the scan, making it difficult for an IDS to attribute activity to the real attacker and allowing it to be used even when an IDS is present.

BTCP SYNCorrect

TCP SYN scan (half-open scan) sends SYN packets but intentionally never completes the three-way handshake, generating an anomalous traffic pattern that is a primary detection signature for IDS engines. Because the intranet IDS monitors for exactly this SYN-only traffic behavior, this technique cannot be used without triggering immediate alerts and attribution back to the scanner.

CTCP Connect scan

TCP Connect scan completes the full three-way handshake and is logged at the OS level, but it does not trigger the same half-open connection IDS signatures as TCP SYN, so it can still be executed in an IDS environment.

DIdle scan

Idle scan uses a third-party zombie host to relay probe packets so the IDS sees traffic originating from the zombie rather than the real attacker, making it one of the stealthiest techniques and still usable when an IDS is present.

Concept tested: IDS evasion and port scanning detection techniques

Source: https://nmap.org/book/man-bypass-firewalls-ids.html

Topics

#TCP SYN scan#IDS detection#port scanning#IDS evasion

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice