[prev in list] [next in list] [prev in thread] [next in thread]
List: nessus
Subject: Re: Nessus on "blind" interface
From: twig les <twigles () yahoo ! com>
Date: 2002-01-31 18:11:30
[Download RAW message or body]
This just sparked an inner question in me that I don't
have the number of boxes to test (properly). If
someone cracks one of my DMZ boxes and sets up Nessus
(I know, not a good attack tool but possible), would a
Nessus scan pick up that a box is listening for Nessus
and tell me?
Quarky thought... sorry if this is covered somewhere;
I haven't seen it.
--- Renaud Deraison <deraison@cvs.nessus.org> wrote:
> On Thu, Jan 24, 2002 at 09:38:43AM -0500,
> Perciaccante, Robert wrote:
> > Well, here is the 30,000 foot view.
> >
> > Nessus runs on a box that is dual-homed. For
> argument sake:
> >
> > eth0 - (Nessus interface)
> > eth1 - Admin interface
> >
> > eth0 is on a DMZ rail
> > eth1 is on an admin rail
> >
> > The overall concept is this. Eth1 is used to
> collect results, change
> > .nessusrc files, etc. Eth0 is on a DMZ, and if
> bound to an IP address, is
> > vulnerable to attack from anyone on this segment.
> >
> > If Nessus was able to send packets out with
> spoofed IP/MAC addresses, and
> > then sniff the results off the wire, it could
> perform the necessary scans,
> > but not itself be vulnerable to attack on that
> segment.
> >
> > Does this make sense? I know that this is WAY
> over my head (still
> > learning), but I would like to see if it is
> possible, or try to figure out a
> > way to retro-fit Nessus to do this.
>
> Provided that eth0 and eth1 are on different subnets
> (which is
> expected), then you can do that without any problem,
> as Nessus does not
> bind any port during the scan (apart 1241/tcp which
> is always bound).
>
> So if you want nessusd to be reachable only from the
> admin network, then
> start it as :
>
> nessusd -D -a ip.of.the.host.on.the.admin.network
>
>
> -- Renaud
=====
-----------------------------------------------------------
Few people think more than two or three times a year;
I have made an international reputation for myself by
thinking once or twice a week.
George Bernard Shaw
-----------------------------------------------------------
__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic