IDSs are commonly used to detect malicious traffic and elicit an incident response. Penetration testing can include IDS evasion, to test IDS effectiveness, or IDS stimuli, to test Incident Response (IR) capabilities. If you are a penetration tester assigned with providing lots of IDS "noise" and IDS "alerts" to your target with the intent of testing IR, what flags would you consider using with nmap or hping?