Loading page
Review the challenge brief, files, and requirements.
A Snort deployment raised alerts during your first SYN scan. You stop, read the rules below, and need to choose the next scan that avoids both detections:
alert tcp any any -> $HOME_NET any (flags:S; threshold:type both, track by_src, count 100, seconds 60; sid:1000001;)
alert tcp any any -> $HOME_NET any (msg:"Nmap fingerprint"; content:"|00 00 40 00 00 00|"; sid:1000002;)
Which scan change bypasses both rules as written?
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds