Security Basics mailing list archives
Re: Assessing a machine with 2 NICs
From: Jeff MacDonald <jam () zoidtechnologies com>
Date: Fri, 09 Sep 2005 12:32:14 -0400
On Fri, 2005-09-09 at 00:34 +0000, barcajax () gmail com wrote:
> Let's say we have a machine running critical business applications connected to the enterprise network on 2 NICs. From an assessment/audit point of view, is it necessary to scan both NICs using assessment tools like NMap and Nessus?

yes

> Will both scan results produce the same findings (as in same ports and services open)?

not necessarily

> Does the OS or applications influence the detection of ports/services on different NICs on the same physical machine?

well, I don't know about the application influencing "detection" per se, but at least in Linux it is possible to tell software to bind to a specific interface (Apache, Bind9, etc. can do this), so it is *possible* that a program that is listening on one interface is not doing so on another. also, it is possible to firewall one interface in one way, but have different rules for the other interfaces, thus when doing a network scan different results could be obtained.

HTH

regards,
J
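
Added example, not part of the original message: a short Python script that compares Nmap grepable (`-oG`) results for the two addresses of one dual-homed host and flags ports whose state differs, with a heuristic hint that follows the two causes named in the reply (interface-specific binding and per-interface firewall rules). The scan lines, IP addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: nmap -oG lines for one host scanned on each of its two
# addresses (documentation-range IPs, not real scan data).
SCAN_NIC_A = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
              "53/open/tcp//domain///, 80/open/tcp//http///")
SCAN_NIC_B = ("Host: 198.51.100.10 ()\tPorts: 22/filtered/tcp//ssh///, "
              "53/closed/tcp//domain///, 80/open/tcp//http///")

HOST_RE = re.compile(r"Host: (\S+) .*?Ports: ([^\t]*)")
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")

def parse_grepable(text):
    """Return {ip: {(port, proto): state}} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        ports = hosts.setdefault(m.group(1), {})
        for entry in m.group(2).split(","):
            pm = PORT_RE.match(entry.strip())
            if pm:
                ports[(int(pm.group(1)), pm.group(3))] = pm.group(2)
    return hosts

def hint(state_a, state_b):
    """Heuristic reading of a mismatch (an assumption, not proof)."""
    states = {state_a, state_b}
    if "open" in states and "filtered" in states:
        return "per-interface firewall rule likely"
    if "open" in states and "closed" in states:
        return "service likely bound to one address only"
    return "review manually"

def compare(scan_a, scan_b):
    """List ports whose state differs between the two scanned addresses."""
    (ip_a, a), = parse_grepable(scan_a).items()
    (ip_b, b), = parse_grepable(scan_b).items()
    diffs = []
    for key in sorted(set(a) | set(b)):
        sa, sb = a.get(key, "not-shown"), b.get(key, "not-shown")
        if sa != sb:
            diffs.append((key[0], key[1], sa, sb, hint(sa, sb)))
    return ip_a, ip_b, diffs

if __name__ == "__main__":
    ip_a, ip_b, diffs = compare(SCAN_NIC_A, SCAN_NIC_B)
    for port, proto, sa, sb, why in diffs:
        print(f"{port}/{proto}: {ip_a}={sa} {ip_b}={sb} -> {why}")
```

A mismatch flagged here is a starting point for checking the host's listener configuration and firewall rules, not a finding in itself.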