312-50V10 · Question #542
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
The correct answer is A. Timing options to slow the speed that the port scan is conducted. Nmap timing options control the speed and rate of packet transmission during a port scan, allowing testers to operate below the thresholds that IDS systems use to identify scanning activity.
Question
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
Options
- ATiming options to slow the speed that the port scan is conducted
- BFingerprinting to identify which operating systems are running on the network
- CICMP ping sweep to determine which hosts on the network are not available
- DTraceroute to control the path of the packets sent during the scan
How the community answered
(43 responses)- A91% (39)
- B2% (1)
- C2% (1)
- D5% (2)
Why each option
Nmap timing options control the speed and rate of packet transmission during a port scan, allowing testers to operate below the thresholds that IDS systems use to identify scanning activity.
Nmap provides timing templates ranging from -T0 (paranoid, slowest) to -T5 (insane, fastest), as well as fine-grained controls such as --scan-delay and --max-rate, which throttle how quickly probes are sent. IDS systems commonly detect port scans by identifying abnormally high rates of connection attempts in a short time window; slowing the scan spreads those attempts over a longer period, reducing the signal that triggers IDS alerts. This makes timing adjustment the primary Nmap mechanism for avoiding automated detection.
OS fingerprinting (the -O flag) analyzes responses to identify the operating system running on a host, but it does not reduce the scan's visibility or rate and therefore does not help evade IDS detection.
An ICMP ping sweep (-sn) is used to discover which hosts are active on a network and does not adjust scan speed or packet rate to avoid detection.
Traceroute functionality maps the network path packets take to a destination but does not alter the speed or pattern of a port scan in a way that would evade IDS detection.
Concept tested: Nmap timing options for IDS evasion during port scanning
Source: https://nmap.org/book/man-performance.html
Topics
Community Discussion
No community discussion yet for this question.