In CEH v13 Module 03: Scanning Networks, Nmap's evasion techniques are discussed for bypassing or confusing Intrusion Detection Systems (IDS) and firewalls.
The -D option in Nmap is used to enable decoy scanning. It inserts false IP addresses in the scan to obfuscate the true origin of the scan.
This technique helps in masking the attacker’s IP and can confuse IDS logs.
Option Clarification:
A. -n/-R: Disables DNS resolution (-n) or uses reverse DNS (-R); does not evade detection.
B. -oN/-oX/-oG: Output formats (normal, XML, grepable), not related to evasion.
C. -T: Controls timing (e.g., -T0 is stealthy, -T5 is aggressive), but not explicitly for IDS evasion.
D. -D: Correct. Used for IDS/firewall evasion by using decoy IPs.
Reference: Module 03 – Scanning with Evasion Options; Nmap Official Docs: https://nmap.org/book/man-bypass-firewalls-ids.html