312-50V11 · Question #542
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
The correct answer is A. Timing options to slow the speed that the port scan is conducted. NMAP timing options allow testers to slow down port scans, reducing the rate of packets sent and making the scan less likely to trigger IDS threshold-based detection rules.
Question
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
Options
- ATiming options to slow the speed that the port scan is conducted
- BFingerprinting to identify which operating systems are running on the network
- CICMP ping sweep to determine which hosts on the network are not available
- DTraceroute to control the path of the packets sent during the scan
How the community answered
(26 responses)- A88% (23)
- B4% (1)
- C8% (2)
Why each option
NMAP timing options allow testers to slow down port scans, reducing the rate of packets sent and making the scan less likely to trigger IDS threshold-based detection rules.
NMAP's timing templates (-T0 through -T5) control scan speed; lower settings like Paranoid (-T0) or Sneaky (-T1) introduce deliberate delays between probe packets, keeping traffic volume below the thresholds that most IDS engines use to classify activity as a port scan. Slower scans spread packets over a longer time window, making the pattern statistically harder to distinguish from normal traffic. This is a well-known evasion technique explicitly designed to avoid automated detection.
OS fingerprinting (-O) generates additional probe packets to identify operating systems, which increases traffic and raises detection risk rather than reducing it.
An ICMP ping sweep is used to discover live hosts, not to evade detection - it actually produces a recognizable burst of ICMP echo requests that many IDS systems alert on.
Traceroute maps the network path packets take but does not control the rate or stealth of the port scan itself, providing no evasion benefit against an IDS.
Concept tested: NMAP timing options for IDS evasion
Source: https://nmap.org/book/man-performance.html
Topics
Community Discussion
No community discussion yet for this question.