'Re: Nessus on "blind" interface'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nessus
Subject:    Re: Nessus on "blind" interface
From:       twig les <twigles () yahoo ! com>
Date:       2002-01-31 18:11:30
[Download RAW message or body]

This just sparked an inner question in me that I don't
have the number of boxes to test (properly).  If
someone cracks one of my DMZ boxes and sets up Nessus
(I know, not a good attack tool but possible), would a
Nessus scan pick up that a box is listening for Nessus
and tell me?

Quarky thought... sorry if this is covered somewhere; 
I haven't seen it.


--- Renaud Deraison <deraison@cvs.nessus.org> wrote:
> On Thu, Jan 24, 2002 at 09:38:43AM -0500,
> Perciaccante, Robert wrote:
> > Well, here is the 30,000 foot view.
> > 
> > Nessus runs on a box that is dual-homed.  For
> argument sake:
> > 
> > eth0 - (Nessus interface)
> > eth1 - Admin interface
> > 
> > eth0 is on a DMZ rail
> > eth1 is on an admin rail
> > 
> > The overall concept is this.  Eth1 is used to
> collect results, change
> > .nessusrc files, etc.  Eth0 is on a DMZ, and if
> bound to an IP address, is
> > vulnerable to attack from anyone on this segment.
> > 
> > If Nessus was able to send packets out with
> spoofed IP/MAC addresses, and
> > then sniff the results off the wire, it could
> perform the necessary scans,
> > but not itself be vulnerable to attack on that
> segment.
> > 
> > Does this make sense?  I know that this is WAY
> over my head (still
> > learning), but I would like to see if it is
> possible, or try to figure out a
> > way to retro-fit Nessus to do this.
> 
> Provided that eth0 and eth1 are on different subnets
> (which is
> expected), then you can do that without any problem,
> as Nessus does not
> bind any port during the scan (apart 1241/tcp which
> is always bound).
> 
> So if you want nessusd to be reachable only from the
> admin network, then
> start it as :
> 
> 	nessusd -D -a ip.of.the.host.on.the.admin.network
> 
> 
> 				-- Renaud


=====
-----------------------------------------------------------
Few people think more than two or three times a year;
I have made an international reputation for myself by 
thinking once or twice a week.
                                      George Bernard Shaw
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic