nerdexam
EC-Council

312-50V10 · Question #542

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

The correct answer is A. Timing options to slow the speed that the port scan is conducted. Nmap timing options control the speed and rate of packet transmission during a port scan, allowing testers to operate below the thresholds that IDS systems use to identify scanning activity.

Scanning Networks

Question

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

Options

  • ATiming options to slow the speed that the port scan is conducted
  • BFingerprinting to identify which operating systems are running on the network
  • CICMP ping sweep to determine which hosts on the network are not available
  • DTraceroute to control the path of the packets sent during the scan

How the community answered

(43 responses)
  • A
    91% (39)
  • B
    2% (1)
  • C
    2% (1)
  • D
    5% (2)

Why each option

Nmap timing options control the speed and rate of packet transmission during a port scan, allowing testers to operate below the thresholds that IDS systems use to identify scanning activity.

ATiming options to slow the speed that the port scan is conductedCorrect

Nmap provides timing templates ranging from -T0 (paranoid, slowest) to -T5 (insane, fastest), as well as fine-grained controls such as --scan-delay and --max-rate, which throttle how quickly probes are sent. IDS systems commonly detect port scans by identifying abnormally high rates of connection attempts in a short time window; slowing the scan spreads those attempts over a longer period, reducing the signal that triggers IDS alerts. This makes timing adjustment the primary Nmap mechanism for avoiding automated detection.

BFingerprinting to identify which operating systems are running on the network

OS fingerprinting (the -O flag) analyzes responses to identify the operating system running on a host, but it does not reduce the scan's visibility or rate and therefore does not help evade IDS detection.

CICMP ping sweep to determine which hosts on the network are not available

An ICMP ping sweep (-sn) is used to discover which hosts are active on a network and does not adjust scan speed or packet rate to avoid detection.

DTraceroute to control the path of the packets sent during the scan

Traceroute functionality maps the network path packets take to a destination but does not alter the speed or pattern of a port scan in a way that would evade IDS detection.

Concept tested: Nmap timing options for IDS evasion during port scanning

Source: https://nmap.org/book/man-performance.html

Topics

#NMAP timing#IDS evasion#port scanning#scan speed

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice