Re: Assessing a machine with 2 NICs

From: Justin.Ross@signalsolutionsinc.com
Date: Mon Sep 12 2005 - 12:40:05 EDT

• Next message: Michael Gargiullo: "RE: windows, nessus scanner, and a VPN"
• Previous message: Peter Wood: "Re: database server audit tools"
• In reply to: barcajax@gmail.com: "Assessing a machine with 2 NICs"
• Next in thread: Derick Anderson: "RE: Assessing a machine with 2 NICs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes, you'll need to scan both NIC's of the target machine.services can be
bound to certain IP addresses/adapters, which may mean you will see
totally different services (open ports) and totally different
vulnerabilities. For a complete vulnerabilty assessment, you'll also need
to scan multiple IP addresses sharing the same NIC.

>From an assessment/audit point of view, is it necessary to scan both NICs
using assessment tools like NMap and Nessus?
Yes.

Will both scan results produce the same findings (as in same ports and
services open)?
No, not necessarily (and not likely)

Does the OS or applications influence the detection of ports/services on
different NICs on the same physical machine?
Both, but typically the applications themselves allow configuration of
binding a service to a specific IP address or interface.

Justin Ross
MCP+I, MCSE, CCNA, CCSA, CCSE
Senior Network Security Engineer
Signal Solutions Inc. - http://www.signalcorp.com
Email: Justin.Ross-at-signalsolutionsinc.com

barcajax@gmail.com
09/08/2005 05:09 PM

To
pen-test@securityfocus.com
cc

Subject
Assessing a machine with 2 NICs

Lets say we have a machine running critical business applications
connected to the enterprise network on 2 NICs. From an assessment/audit
point of view, is it necessary to scan both NICs using assessment tools
like NMap and Nessus? Will both scan results produce the same findings (as
in same ports and services open)?
Does the OS or applications influence the detection of ports/services on
different NICs on the same physical machine?

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Michael Gargiullo: "RE: windows, nessus scanner, and a VPN"
• Previous message: Peter Wood: "Re: database server audit tools"
• In reply to: barcajax@gmail.com: "Assessing a machine with 2 NICs"
• Next in thread: Derick Anderson: "RE: Assessing a machine with 2 NICs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT