What is the purpose of the -D decoy option, and what are potential caveats?

Explanation:
The main idea behind this option is to make the scan appear as if it’s coming from multiple hosts by adding decoy IP addresses to the probe stream. That way the target’s logs show several source addresses, making it harder to attribute the scan to a single origin. This is why it’s described as adding decoy addresses to confuse logs.

There are important caveats to keep in mind. Many networks implement anti-spoofing measures and may drop spoofed packets or flag the activity as suspicious, which can alert defenders or disrupt the scan. Using decoys can trigger IDS/IPS alerts and potentially violate organizational policy or legal constraints. It can also create collateral noise for decoy hosts and complicate log analysis for both you and the network owners. In short, while the feature can obscure attribution, it carries real risks and should be used only with proper authorization and awareness of policy implications.
