You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose that you are using Nmap to perform this scan.
What flag will you use to satisfy this requirement?
The -D flag in Nmap specifies a decoy scan, which involves sending packets with spoofed IP addresses to disguise the true source of the scan. This matches the requirement of scanning every port on the server several times using a set of spoofed source IP addresses.
D. The -D flag Explanation: The scenario describes a specific condition for a penetration testing scan, where the tester is required to scan every port on a server several times using a set of spoofed source IP addresses. The tester is using Nmap to perform the scan and needs to know which flag to use to satisfy this requirement. The -D flag is used in Nmap to specify a decoy scan. A decoy scan involves sending packets with spoofed IP addresses in order to disguise the true source of the scan. This can be used to make it more difficult for network intrusion detection systems (NIDS) to detect the scan, as well as to confuse the target system about the true source of the traffic. To use the -D flag, the tester specifies a list of decoy IP addresses to be used in the scan. These decoy addresses will be interspersed with the true source IP address in the scan traffic.
D. The -D flag is the correct answer. Another correct answer would be the -S flag (Spoof Source Address), but the -S flag is not a listed option. So the -D flag that is listed is the correct answer. This was an exam question for me when I took the exam on 13 Dec 2023.
-D for decoy
D. The -D flag -------------------------------- IP Address Decoy nmap -D a.a.a.a,b.b.b.b,c.c.c.c {Target IP} IP Address Spoofing nmap -S a.a.a.a {Target IP}
This is the way
D. The -D flag
D. The -D flag
The -D flag