Monday, July 6, 2020

[eCPPT][nmap] Scanning techniques for Firewall/IDS Evasion

1) Fragmentation
Use the parameters "-sS -f", for example:
#nmap -sS -f 192.168.0.1
This technique is obsolete, given that nearly all modern NIDSs can detect this kind of scanning.

2) Decoy
Use the parameters "-sS -D" to add a number of bogus IP addresses as fake scanners in order to confuse security analysts.
#nmap -sS -D 192.168.0.3,192.168.0.5,192.168.0.7,ME,192.168.0.11 192.168.0.251

3) Prolong the interval between scan requests
Apply "-T0" (a 5-minute interval) or "-T1" (a 15-second interval) to the scan in order to hide the scanning activity.
#nmap -sS -p 25,80,443 -T0 192.168.0.1

4) Use a Well-Known Service Port as the Scanning Source Port
Change the source port of the scanning probes to a well-known service port (e.g. 25, 80, or 443) with the parameter "-g".
#nmap -sS -g 25 192.168.0.1
#nmap -sU -g 53 192.168.0.251

5) Idle Scan
Use a zombie host to scan the target host via the parameter "-sI".
First, determine whether a host (e.g. 192.168.0.251) can serve as a zombie:
#nmap -O -v -n 192.168.0.251
Second, if the host is confirmed to be usable as a zombie, use it to scan the target host (e.g. 192.168.0.253):
#nmap -p22 -sI 192.168.0.251:443 192.168.0.253
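From the defender's side, techniques 3 and 4 above mainly defeat detectors that look at a short, fixed time window or trust the source port. The following Python script is an added example, not code from the original post: it runs a simple per-source port-scan detector over constructed firewall log lines and shows that a "-T0"-style scan (one probe every 5 minutes) slips past a one-minute window but is still caught when per-source state is kept over a long window. The log format, the field names and all sample lines are constructed for this example.

```python
"""Port-scan detector over constructed firewall log lines (added example).

Demonstrates that slow timing (-T0/-T1) and a spoofed well-known source
port (-g) only evade a detector that uses a short window or keys on the
source port; counting distinct destination ports per source over a long
window still flags the scan. Log format and sample lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> <src_ip>:<sport> -> <dst_ip>:<dport> <flags>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)

# Constructed sample: 192.168.0.7 probes five ports, one every 5 minutes,
# from source port 53; 192.168.0.42 is ordinary HTTPS traffic to one port.
SAMPLE_LOG = """\
2020-07-06T10:00:00 192.168.0.7:53 -> 192.168.0.1:25 S
2020-07-06T10:05:00 192.168.0.7:53 -> 192.168.0.1:80 S
2020-07-06T10:10:00 192.168.0.7:53 -> 192.168.0.1:443 S
2020-07-06T10:15:00 192.168.0.7:53 -> 192.168.0.1:22 S
2020-07-06T10:20:00 192.168.0.7:53 -> 192.168.0.1:3389 S
2020-07-06T10:00:01 192.168.0.42:51234 -> 192.168.0.1:443 S
2020-07-06T10:00:02 192.168.0.42:51235 -> 192.168.0.1:443 S
"""


def parse_line(line):
    """Parse one constructed log line into a dict with typed fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "src": d["src"],
        "sport": int(d["sport"]),
        "dst": d["dst"],
        "dport": int(d["dport"]),
        "flags": d["flags"],
    }


def detect_scanners(log_text, window, threshold):
    """Return the set of source IPs that sent initial SYNs to at least
    `threshold` distinct destination ports on one host within any span
    of length `window`.

    The source port is deliberately ignored, so a probe sent from port 53
    or 80 (nmap -g) counts exactly like one from an ephemeral port.
    """
    # (src, dst) -> deque of (timestamp, dport), oldest first
    recent = defaultdict(deque)
    flagged = set()
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    for ev in events:
        if ev["flags"] != "S":          # only initial SYNs are probes
            continue
        q = recent[(ev["src"], ev["dst"])]
        q.append((ev["ts"], ev["dport"]))
        # drop events that fell out of the sliding window
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len({dport for _, dport in q}) >= threshold:
            flagged.add(ev["src"])
    return flagged


if __name__ == "__main__":
    short = detect_scanners(SAMPLE_LOG, timedelta(minutes=1), threshold=5)
    long_ = detect_scanners(SAMPLE_LOG, timedelta(hours=24), threshold=5)
    print("1-minute window flags :", sorted(short) or "nothing")
    print("24-hour window flags  :", sorted(long_) or "nothing")
```

With a one-minute window nothing is flagged, because only one probe of the slow scan ever falls inside it; with a 24-hour window 192.168.0.7 is flagged after its fifth distinct port, while the repeated connections from 192.168.0.42 to port 443 never cross the threshold. Decoy addresses from technique 2 would each show up as an additional flagged source, so this kind of alert identifies the scanning activity but not, on its own, which of the sources is the real scanner.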
