I was running a scan against a server behind a WatchGuard firewall and got banned: the firewall blacklisted my public IP address. This hurt because I manage that firewall, and when I began troubleshooting what had happened I could not reach the firewall itself or its VPN.


Now if you run:


C:\Users\Raul>nmap -T2

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-05 17:22 Central Standard Time

Nmap scan report for

Host is up (0.086s latency).

Not shown: 996 filtered ports

80/tcp   open  http
443/tcp  open  https
993/tcp  open  imaps
3389/tcp open  ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 927.56 seconds

Did you notice the time? It took 927 seconds, about 15 minutes. Yes, to avoid being detected you need to move slowly, one packet at a time, so the IPS's detection window times out and it ignores the packet.


You could run nmap without the -T2 switch and it would be faster if there is no IPS/IDS in the way; if there is one, you lose the connection and have to wait until the IPS removes your IP address from its blacklist.
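As an added illustration of the defender's side of this (not code from the original post): a small Python detector that counts distinct destination ports per source over a configurable time window, showing why a short detection window misses a slow scan like the one above while a longer window still catches it. The log format, IP addresses and timestamps below are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (not from the original post): one source
# probing four TCP ports on one host about four minutes apart, mimicking the slow
# ~15-minute scan described above, plus one unrelated single connection.
SAMPLE_LOG = """\
2014-12-05T17:22:10 src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp action=allow
2014-12-05T17:26:00 src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp action=allow
2014-12-05T17:29:50 src=203.0.113.7 dst=192.0.2.10 dport=993 proto=tcp action=allow
2014-12-05T17:33:40 src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp action=allow
2014-12-05T17:25:00 src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp action=allow
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' log line into a dict."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["dport"] = int(rec["dport"])
    return rec


def scanning_sources(log_text, window, min_ports):
    """Return the set of sources that touched >= min_ports distinct ports on a
    single host within any sliding time window of length `window`."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        if line.strip():
            r = parse_line(line)
            events[(r["src"], r["dst"])].append((r["ts"], r["dport"]))

    flagged = set()
    for (src, _dst), hits in events.items():
        hits.sort()  # time-ordered
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until hits[start..end] fit in `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({port for _, port in hits[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


if __name__ == "__main__":
    # A 2-minute window never sees more than one probe; a 20-minute window sees all four.
    print(scanning_sources(SAMPLE_LOG, timedelta(minutes=2), 3))   # set()
    print(scanning_sources(SAMPLE_LOG, timedelta(minutes=20), 3))  # {'203.0.113.7'}
```

The second call shows that lengthening the correlation window (at the cost of more state per source) is what turns a slow, spread-out probe back into a visible port scan.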


So to make sure you do not lose time and get good results within your pentest scope, you need to be sneaky, LOL.


It takes time to sharpen your skills; just keep practicing and you will get it.