Nmap Decoy Scans
Explore how to perform decoy scans with Nmap to disguise your scan's origin by using multiple spoofed IP addresses. Understand the benefits and limitations of SYN and UDP decoy scans in evading detection, and learn practical commands for conducting these stealth scans responsibly.
We'll cover the following...
Decoy scans can be used to evade detection by security systems and maintain anonymity while performing a scan. The need for decoy scans arises when a network administrator or security system uses IDSs or firewalls that monitor and block incoming traffic.
Let’s explore how we can perform Nmap decoy scans.
What is an Nmap decoy scan?
Nmap allows users to specify multiple decoy IP addresses that will be used along with the actual source IP address of the scan. This is useful for disguising the scan’s origin and evading detection by an IDS.
In a decoy scan, multiple IP addresses are sent to the target, including the source IP of the attacker. This makes it extremely hard to trace back to the ...