Re: Assessing a machine with 2 NICs

From: Michael Boman (michael.boman@gmail.com)
Date: Mon Sep 12 2005 - 02:35:38 EDT


On 9 Sep 2005 00:09:12 -0000, barcajax@gmail.com <barcajax@gmail.com> wrote:
> Let's say we have a machine running critical business applications connected to the enterprise network on 2 NICs. From an assessment/audit point of view, is it necessary to scan both NICs using assessment tools like NMap and Nessus? Will both scan results produce the same findings (as in same ports and services open)?
> Does the OS or applications influence the detection of ports/services on different NICs on the same physical machine?

Yes, you will need to scan each NIC and address the server is known as
just to make sure you have covered all the bases.

Services can be bound to a particular IP, and I frequently see
multi-homed machines (servers with more than one IP) having different
services available on the different addresses. The only reason I know
that they are the same machine is because if they use a single NIC the
MAC address is the same for both IPs, and of course when I gained
access to them the 'hostname' and 'hostid' reflect the same
information.

Best regards
  Michael Boman

-- 
IT Security Researcher & Developer
http://proxy.11a.nu
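
Added example, not part of the original post: an auditor with local access can cross-check scan coverage by grouping the host's listening sockets by bind address. The `ss -H -ltn` sample output and the two host addresses below are constructed for illustration, and only IPv4 TCP listeners are handled.

```python
from collections import defaultdict

# Constructed sample of `ss -H -ltn` output from a host with two addresses.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 10.0.1.5:443 0.0.0.0:*
LISTEN 0 80 192.168.50.5:3306 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "*"}  # binds that accept connections on every address


def parse_listeners(ss_output):
    """Return {local_address: set(ports)} for IPv4 TCP listeners."""
    listeners = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if ":" in addr or not port.isdigit():
            continue  # IPv6 listener or malformed line; out of scope here
        listeners[addr].add(int(port))
    return dict(listeners)


def exposure_per_address(listeners, host_addresses):
    """Ports listening on each address: wildcard binds plus binds to that
    address. Host firewall rules are not considered."""
    wildcard = set()
    for w in WILDCARDS:
        wildcard |= listeners.get(w, set())
    return {a: sorted(wildcard | listeners.get(a, set())) for a in host_addresses}


def address_specific(exposure):
    """Ports a scan of only the other addresses would miss."""
    result = {}
    for addr, ports in exposure.items():
        others = set()
        for other, other_ports in exposure.items():
            if other != addr:
                others |= set(other_ports)
        result[addr] = sorted(set(ports) - others)
    return result


if __name__ == "__main__":
    exp = exposure_per_address(parse_listeners(SAMPLE_SS), ["10.0.1.5", "192.168.50.5"])
    for addr, only_here in address_specific(exp).items():
        print(addr, "listening:", exp[addr], "only on this address:", only_here)
```

A non-empty "only on this address" list for any address means a scan of a single NIC would have under-reported the host's services.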


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT