312-50V13 · Question #180
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?
The correct answer is C. Conduct IDLE scan. Nmap -si Flag Explanation Option C is correct because -si in Nmap stands for IDLE scan, which exploits a "zombie" host (in this case, kiosk.adobe.com) with an incremental IP ID sequence to scan a target indirectly - making the scan appear to originate from the zombie host rather
Question
Options
- AConduct stealth scan
- BConduct ICMP scan
- CConduct IDLE scan
- DConduct silent scan
How the community answered
(44 responses)- A5% (2)
- B7% (3)
- C86% (38)
- D2% (1)
Explanation
Nmap -si Flag Explanation
Option C is correct because -si in Nmap stands for IDLE scan, which exploits a "zombie" host (in this case, kiosk.adobe.com) with an incremental IP ID sequence to scan a target indirectly - making the scan appear to originate from the zombie host rather than the attacker, providing near-perfect anonymity. The IDLE scan works specifically by monitoring the IP ID increments of the zombie host to determine whether target ports are open or closed.
Why the distractors are wrong:
- A (Stealth scan) - Stealth scans (SYN scans) use
-sS, not-si - B (ICMP scan) - ICMP/Ping scans use
-snor-PE, not-si - D (Silent scan) - There is no official "silent scan" flag in Nmap; this is a distractor designed to confuse with the IDLE scan's stealthy nature
Memory Tip: Think of
-sias **"s"can using an **"i"dle (zombie) host - the "i" literally stands for Idle. The key giveaway in the question is the mention of incremental IP ID, which is the prerequisite characteristic needed for a zombie host in an IDLE scan.
Topics
Community Discussion
No community discussion yet for this question.