Answer of "Firewall and IDS/IPS Evasion - Easy Lab"

Hi everyone. Would you want to know the answer of this section?
The answer is “Ubuntu”.

The command I was using is:
“nmap -T4 -A -v 10.129.2.80 -D RND:5 --stats-every=5s”
Let me explain some options:

  1. -T4: Set scanning rate is rank “4”, it’s an aggressive mode. When using ‘-T4’ instead of using some softer mode such as ‘-T3’, ‘-T2’… I was a little concerned because I kind of doubting that the IDS system would detect it and the operation would be not allowed by IPS system. However it seems that the outcome would not be affected by IDS/IPS system;
  2. -A: Enable OS detection, version detection, script scanning, and traceroute. In my opinion I think ‘OS detection’ is which one of those operations I need. And I do not really care about ‘version detection’, ‘script scanning’ and ‘traceroute’;
  3. -v: Increase verbosity level (use -vv or more for greater effect). I guess with this option, nmap would give us more information in the terminal;
  4. 10.129.2.80: The target IP address;
  5. -D RND:5: Sets the number of random Decoys that will be used to scan the target. I don’t know the meaning of ‘decoys’, but I guess that with this option, our nmap scanning would be much softer and more silent;
  6. –stats-every=5s: This is the most important option as far as I am concerned, because with this option, I can get some information about the operation we are conducting. I am not a calm person. If the terminal doesn’t return something back in one or two minutes, I would be pretty anxious and angry.



hello you are almost completely correct.

the only thing that is incorrect is the following quote:

you see what we are actually doing is finding the version of SSH running on the device and in order to do that we must use the -sV operator.

so, you see we can replace the -A operator (which is considered noisy) with a nice quiet -sV

  • it’s quiet because it’s less interacting with the target

furthermore, to speed up the process we can limit the number of retries --max-retries=0 and we can run this attack against the common ports through a few ways but i used the -F operator we can also use the -T4 operator but that would be noisy so I wouldn’t, but for the sake of not waiting I usually do

you are correct we need to add the -D RND:5 operator

you would therefore end up with:

sudo nmap <target_ip> -sV -F -D RND:5 --max-retries=0 -T4


otherwise good job you’ve created a nice walkthrough.