Monkeyshell Posted February 24, 2017
Hello everyone, I have noticed that nmap is easily monitored by the network security team. So how can nmap not be detected, or lower the packet (-f detected), or an alternative to nmap, or a different technique for port scanning to minimise the risk of detection? Scanning an entire subnet without being too nosey.

n33dsh3llz Posted February 25, 2017
Are you scanning from within the local subnet?

Monkeyshell (Author) Posted February 28, 2017
@n33dsh3llz Yes

digip Posted February 28, 2017 (Edited February 28, 2017 by digip)
A few things you can try, but IDS systems generally log everything. "nmap -sS -Pn target.com", "nmap -P0 -sI x.x.x.x:1234 target.com" (idle scan) where x.x.x.x:1234 is the source IP and port to scan from or return packets to/spoof, and "nmap -n -Dx.x.x.x,x.x.x.x,x.x.x.x target.com" where x.x.x.x is a list of IPs to spoof from. This last one spoof scans from multiple source IPs to help obfuscate the source of the scanning machine. Nothing is 100% foolproof against being detected by an IDS that is logging everything, though.

BTW, don't post the same question multiple times. Post once, check back later. I had already replied to your other thread, which I just deleted my post from. If you can't find your last post, go to your profile to see your recent content posted, or subscribe to your own threads.
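
Seen from the monitoring side, the point above that an IDS logging everything still records these scans can be shown on connection logs. This is an added example, not part of any post in the thread: the record layout, thresholds and addresses are constructed assumptions, and it flags sources that touch many ports on one host and then groups sources that probed the identical port set, which is the trace a `-D` decoy scan leaves.

```python
from collections import defaultdict

# Constructed sample (not from the thread): inbound TCP SYNs as
# (epoch_seconds, src_ip, dst_ip, dst_port), as an IDS or firewall would log them.
SAMPLE_SYNS = (
    [(100 + i, "10.0.0.5", "10.0.0.20", p) for i, p in enumerate(range(20, 45))]
    + [(200 + i, src, "10.0.0.30", p)
       for i, p in enumerate(range(80, 92))
       for src in ("10.0.0.7", "10.0.0.8", "10.0.0.9")]
    + [(300, "10.0.0.11", "10.0.0.20", 443), (301, "10.0.0.12", "10.0.0.20", 443)]
)

def vertical_scans(records, window=60, min_ports=10):
    """Map (src, dst) -> all ports probed, for sources that hit >= min_ports
    distinct ports on one host inside a sliding window of `window` seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst)].append((ts, port))
    flagged = {}
    for pair, events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                flagged[pair] = frozenset(p for _, p in events)
                break
    return flagged

def decoy_groups(flagged, min_sources=2):
    """Group flagged sources that probed the identical port set on the same
    host; a decoy scan leaves one such group, with the real sender inside it."""
    groups = defaultdict(set)
    for (src, dst), ports in flagged.items():
        groups[(dst, ports)].add(src)
    return {dst: sorted(srcs) for (dst, _), srcs in groups.items()
            if len(srcs) >= min_sources}

if __name__ == "__main__":
    flagged = vertical_scans(SAMPLE_SYNS)
    print(sorted(flagged))          # every scanning source, decoys included
    print(decoy_groups(flagged))    # sources that belong to one decoy-style scan
```
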