Dino Geek, try to help you

How to configure NMAP to be undetectable?


NMAP, or Network Mapper, is a powerful tool used for network discovery and security auditing. However, discussion about using this tool for deceptive or malicious purposes, such as its configuration to be undetectable, raises ethical and legal concerns. It’s important to note that unauthorized scanning or penetration attempts can be illegal and punishable by law.

According to the NMAP Network Scanning Official Guide, the tool offers several stealth options that can minimize detection, but these are meant to help security experts identify vulnerable points in their own systems and improve their network defenses. They should never be used for unauthorized activities.

One such technique is slow scanning or idle scanning. By controlling scan speed (with the `-T` option) or using tactics like fragmentation (`-f`), you can reduce the chance of triggering alarm systems. Idle scanning (`-sI`) is more stealthy because it involves sending packets with a spoofed IP. This technique is explained in detail by Nitesh Dhanjani and Justin Clarke in their book “Network Security Tools: Writing, Hacking, and Analyzing”: https://www.oreilly.com/library/view/network-security-tools/0596007949/ch04.html

Another method is decoy scanning (`-D`). The NMAP Official Guide explains that this option includes the IP addresses of other hosts in the scan, so the scan requests appear to come from multiple locations rather than from a single IP, which confuses firewalls and logging systems.

Evading an IDS (Intrusion Detection System) is another approach, which can rely on techniques such as packet fragmentation (`-f`), specifying a specific MTU (`--mtu`), decoy scanning (`-D`) or idle scanning (`-sI`). More details can be found at https://www.hackingarticles.in/nmap-techniques-to-bypass-ids/

Moreover, with the `-sS` option (SYN scan), NMAP sends a SYN packet and waits for a response, but never completes the TCP handshake. This makes it harder to detect because many logging systems only record completed connections (source: https://nmap.org/book/synscan.html).

However, as noted on HackerTarget.com, some methods to avoid detection with NMAP have become less effective because network security systems have adapted to recognize these tactics: https://hackertarget.com/nmap-tutorial-beginners/
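Because a SYN scan never completes the handshake, a sensor that records individual packets rather than finished connections can still see it. The following is an added example, not taken from the cited sources: it flags sources that leave half-open attempts on many distinct ports, counted over the whole log so that slow scans are included. The log format, the sample addresses and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample packet log: "<epoch> <src> <dst> <dport> <client TCP flags>"
# Only client-to-server packets are recorded. Addresses are documentation ranges.
SAMPLE_LOG = """\
1000 192.0.2.10 198.51.100.5 443 S
1000 192.0.2.10 198.51.100.5 443 A
1005 203.0.113.7 198.51.100.5 22 S
1005 203.0.113.7 198.51.100.5 22 R
1065 203.0.113.7 198.51.100.5 80 S
1065 203.0.113.7 198.51.100.5 80 R
1125 203.0.113.7 198.51.100.5 443 S
1125 203.0.113.7 198.51.100.5 443 R
1185 203.0.113.7 198.51.100.5 3306 S
1300 192.0.2.10 198.51.100.5 80 S
1300 192.0.2.10 198.51.100.5 80 A
"""

def half_open_ports(log_text):
    """Map (src, dst) -> set of ports that got a SYN but never the final ACK."""
    state = {}  # (src, dst, port) -> "syn" | "established"
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, port, flags = line.split()
        key = (src, dst, int(port))
        if flags == "S":
            state.setdefault(key, "syn")
        elif flags == "A" and state.get(key) == "syn":
            state[key] = "established"  # three-way handshake completed
        # A client RST, or silence, leaves the entry in "syn": half-open.
    result = defaultdict(set)
    for (src, dst, port), st in state.items():
        if st == "syn":
            result[(src, dst)].add(port)
    return result

def flag_scanners(log_text, min_ports=3):
    """Sources with half-open attempts on >= min_ports distinct ports of one host.
    Counting distinct ports over the whole log, not packets per second, means
    a scan that was slowed down still crosses the threshold."""
    return sorted(src for (src, _dst), ports in half_open_ports(log_text).items()
                  if len(ports) >= min_ports)

if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))
```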

Remember, hiding NMAP scans may be considered an illegal activity in many countries. It is crucial to use such tools responsibly and ethically, and always get authorization before scanning any network other than your own.

The Information Systems Audit and Control Association (ISACA) reinforces this in its code of ethics: professional knowledge, skills, and tools are to be used only for legal purposes and not for unauthorized or illegal activities.

