312-50V9 · Question #508
Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?
The correct answer is D. Connect scan. The TCP Connect scan completes the full three-way handshake, making it the most reliable scan type for confirming open ports but also the most easily detected by IDS and application logs.
Question
Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?
Options
- ASYN scan
- BACK scan
- CRST scan
- DConnect scan
- EFIN scan
How the community answered
(42 responses)- A2% (1)
- C5% (2)
- D90% (38)
- E2% (1)
Why each option
The TCP Connect scan completes the full three-way handshake, making it the most reliable scan type for confirming open ports but also the most easily detected by IDS and application logs.
SYN scan (-sS) sends only the initial SYN packet without completing the handshake, making it stealthier and far less likely to be logged by target applications.
ACK scan (-sA) is used to map firewall rulesets and stateful inspection behavior rather than to determine which ports are open, so it is not a reliable port discovery method.
RST scan is not a standard Nmap scan type; RST packets are responses sent to close or reject connections, not probes used to initiate scans.
The Nmap Connect scan (-sT) relies on the operating system's connect() system call to complete a full TCP three-way handshake with each target port. Because the connection is fully established, it is logged by target applications and services and is trivially detected by intrusion detection systems, but this completeness guarantees accurate port state results unlike stealthier half-open techniques.
FIN scan (-sF) is a stealthy technique that relies on RFC-compliant behavior from closed ports, making it less reliable against modern firewalls and filtered hosts.
Concept tested: Nmap TCP Connect scan reliability vs. detectability tradeoff
Source: https://nmap.org/book/man-port-scanning-techniques.html
Topics
Community Discussion
No community discussion yet for this question.