312-50V13 · Question #482
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise In order to evade IDS?
The correct answer is D. nmap -sT -O -T0. Explanation Option D (nmap -sT -O -T0) is correct because -sT performs a TCP connect scan on common ports (not all ports), -O enables OS detection, and critically, -T0 (Paranoid timing) is the slowest and stealthiest timing template, sending packets with maximum delays to avoid t
Question
Options
- Anmap -sP -p-65535 -T5
- Bnmap -A --host-timeout 99 -T1
- Cnmap -A -Pn
- Dnmap -sT -O -T0
How the community answered
(46 responses)- A4% (2)
- B15% (7)
- C9% (4)
- D72% (33)
Explanation
Explanation
Option D (nmap -sT -O -T0) is correct because -sT performs a TCP connect scan on common ports (not all ports), -O enables OS detection, and critically, -T0 (Paranoid timing) is the slowest and stealthiest timing template, sending packets with maximum delays to avoid triggering IDS/IPS threshold-based detection rules.
Why the distractors are wrong:
- Option A uses
-T5(Insane speed) and-p-65535(all ports) - this is the loudest possible scan, virtually guaranteed to trigger an IDS - Option B uses
-T1(Sneaky) which is better, but-Aenables aggressive scanning (OS detection, version detection, scripts, traceroute), generating significant noise that defeats the stealth purpose - Option C uses
-A(aggressive) with no timing control, making it noisy;-Pnonly skips host discovery but does nothing for IDS evasion
Memory Tip: Think of T0 = "Time Out" - you're telling Nmap to slow down so much that the IDS "times out" waiting for a pattern to emerge. The lower the T-value (0–5), the stealthier the scan: lower number = lower noise.
Topics
Community Discussion
No community discussion yet for this question.