A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the san is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?
To prevent sending more than 100 packets per minute, a very slow scan is necessary. The –T0 option in nmap ensures that the scan is extremely slow, which prevents exceeding the packet-per-minute limit set by the network IPS. Therefore, using the -T0 template allows the security engineer to thoroughly scan the 10.0.0.0/16 subnet while adhering to the restrictions imposed by the IPS.
B is the answer. C is wrong.. --max-rate is per SEC, not Min. Thus, setting --max-rate 60 is 60 per sec or 3,600 per min.
yup good catch. lotta follow the leader around here
B is the answer the others will all exceed 100 packets per minute as the min and max rate set the packets per second
--max-rate limits a scan's sending rate to a given maximum. Use --max-rate 100, for example, to limit sending to 100 packets per second on a fast network. https://nmap.org/book/man-performance.html The nmap command allows you to control the rate at which packets are sent during a scan. Here are the relevant options: --min-rate <number>: Specifies the minimum packet rate (packets per second). --max-rate <number>: Specifies the maximum packet rate (packets per second).
While the fine-grained timing controls discussed in the previous section are powerful and effective, some people find them confusing. Moreover, choosing the appropriate values can sometimes take more time than the scan you are trying to optimize. Fortunately, Nmap offers a simpler approach, with six timing templates. You can specify them with the -T option and their number (0–5) or their name. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The first two are for IDS evasion. Polite mode slows down the scan to use less bandwidth and target machine resources. Normal mode is the default and so -T3 does nothing. Aggressive mode speeds scans up by making the assumption that you are on a reasonably fast and reliable network. Finally insane mode assumes that you are on an extraordinarily fast network or are willing to sacrifice some accuracy for speed.
While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values. The main effects of T0 are serializing the scan so only one port is scanned at a time, and waiting five minutes between sending each probe
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60: This option explicitly sets the maximum scan rate to 60 packets per second, which is below the IPS threshold, and it scans port 80 as required. Therefore, this seems to be the best option.
The --max-rate setting of nmap is measured in packets per SECOND. B. is the only option that can stay under 100 packets per MINUTE.
Considering the need to stay below 100 packets per minute while completing the scan in the least amount of time, Option C (nmap -T4 -p 80 10.0.0.0/16 --max-rate 60) is the best choice. It balances efficiency and compliance with the IPS limit, using a rate that is safely below the threshold and a timing template that expedites the scan without being overly aggressive
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60: The –max-rate 60 option ensures that Nmap will not send more than 60 packets per second, which is well under the limit of 100 packets per minute. The T4 timing template balances speed and caution, allowing the scan to complete in a reasonable time frame while staying under the packet limit. A. While the –max-hostgroup option can control the number of hosts scanned in parallel, it doesn’t control the rate of packets sent. The T3 timing template might still exceed 100 packets per minute. B. The T0 timing template is very slow and would take a very long time to scan the entire subnet. D. The T5 timing template is very aggressive, and the –min-rate 80 option specifies a minimum rate of 80 packets per second, which would definitely exceed the 100 packets per minute limit set by the IPS.
A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the san is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?
Please erase, this was posted by mistake.
--max-rate <number>: Send packets no faster than <number> per second I agree with option C. Although the nmap --help show this number per second, meaning --max-rate 60 will potentially go up to 3600 packets per minute. The IPS blocks 100 packets per minute so I guess it ought to be lower than 60?
Option C specifies a scan (nmap) targeting port 80 (common for web servers) across the 10.0.0.0/16 subnet. It uses the --max-rate option to limit the scan rate to 60 packets per minute, staying below the IPS threshold of 100 packets per minute. The -T4 option speeds up the scan while still respecting the rate limit, optimizing for both efficiency and stealth
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60