You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
To scan common ports with the least amount of noise in order to evade IDS, the command 'nmap -sT -O -T0' is the best choice. The -sT option stands for a TCP connect scan, which is less stealthy than some other options but is more universally usable. The -O option enables OS detection, which is not directly related to noise, but could be useful for gaining additional information. Most importantly, the -T0 option sets the timing template to 'paranoid,' which is designed for the slowest and most stealthy scans possible, minimizing the risk of detection by an intrusion detection system (IDS).
C. nmap -sT -O -T0 Like V10 Q44 T0 => paranoid
-T0 makes the least noise. -T5 the most noise. This is on the exam.
Correct option is C. -T0 option is called "paranoid" because it's slow to try and avoid detection. "While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values." You can find this in the official documentation:
Unfortunately, they are all noisy, so you have to choose the BEST option. B. nmap -sP -p-65535 -T5. This command uses the following options: -sP: This option specifies a Ping scan to discover hosts that are up and running, without actually scanning any ports. -p-65535: This option specifies that all ports from 1 to 65535 should be scanned. -T5: This option sets the timing template to aggressive, which means that the scan will run faster
If the question specifically says that you're attempting to run a port scan and asks which scan would result in a scan of common ports, why would we use -sP, which you say doesn't do any port scanning? Why would we run any kind of scan at -T5 if we're specifically asked to create as little noise as possible, when we know that the speed of -T5 means all of that network traffic will get created at once?
The question mentions that it is a web server, so it is specifying the target; that is why it is not necessary to search the network for new targets. I agree that the question also mentions that it is a port scan, and if that is not enough, the T5 will sound all the alarms.
C. nmap -sT -O -T0
-T0 paranoid timing minimizes noise, making it the best choice for evading IDS
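From the defender's side, the reason the thread keeps landing on -T0 is that threshold-based scan detectors count distinct ports per source inside a short time window, and a probe every 5 minutes (nmap's documented -T0 probe delay) never accumulates enough hits in one window. The following added example (not from the page or the exam) runs a sliding-window detector over constructed connection records; the IPs, ports, window sizes and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample connection records (not real traffic): (epoch seconds, src ip, dst port).
# FAST_SCAN mimics a -T5 style burst: 30 ports in about 3 seconds.
# SLOW_SCAN mimics -T0 "paranoid" timing: 30 ports with 300 s between probes.
# NORMAL is a single client repeatedly hitting port 443.
FAST_SCAN = [(1000 + i * 0.1, "10.0.0.5", 1 + i) for i in range(30)]
SLOW_SCAN = [(2000 + i * 300, "10.0.0.9", 1 + i) for i in range(30)]
NORMAL = [(1500 + i * 60, "10.0.0.7", 443) for i in range(100)]
EVENTS = sorted(FAST_SCAN + SLOW_SCAN + NORMAL, key=lambda e: e[0])


def flag_scanners(events, window_s, min_ports):
    """Return the set of source IPs that touched at least min_ports distinct
    destination ports within any span of window_s seconds."""
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        seen = defaultdict(int)  # port -> number of hits currently inside the window
        for ts, port in hits:
            seen[port] += 1
            # Slide the window start forward until it covers only window_s seconds.
            while ts - hits[start][0] > window_s:
                old_port = hits[start][1]
                seen[old_port] -= 1
                if seen[old_port] == 0:
                    del seen[old_port]
                start += 1
            if len(seen) >= min_ports:
                flagged.add(src)
                break
    return flagged


if __name__ == "__main__":
    # A 60 s window catches the burst but misses the paranoid scan;
    # a 24 h window over the same records catches both.
    print("60s window: ", flag_scanners(EVENTS, 60, 20))
    print("24h window: ", flag_scanners(EVENTS, 86400, 20))
```

The second call shows the usual mitigation: keep per-source distinct-port counts over hours, not seconds, so that slow timing templates are still visible.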