Security Basics mailing list archives

Re: Assessing a machine with 2 NICs


From: Jeff MacDonald <jam () zoidtechnologies com>
Date: Fri, 09 Sep 2005 12:32:14 -0400

On Fri, 2005-09-09 at 00:34 +0000, barcajax () gmail com wrote:
> Let's say we have a machine running critical business applications
> connected to the enterprise network on 2 NICs. From an
> assessment/audit point of view, is it necessary to scan both NICs
> using assessment tools like NMap and Nessus?

yes

> Will both scan results produce the same findings (as in same ports
> and services open)?

not necessarily

> Does the OS or applications influence the detection of ports/services
> on different NICs on the same physical machine?

well, I don't know about the application influencing "detection" per se,
but at least in Linux it is possible to tell software to bind to a
specific interface (Apache, Bind9, etc can do this), so it is *possible*
that a program that is listening on one interface is not doing so on
another. also, it is possible to firewall one interface in one way, but
have different rules for the other interfaces, thus when doing a network
scan different results could be obtained.

HTH

regards,
J
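
The per-interface binding described in the reply above can be checked on the host itself. This is an added example, not part of the original message: it parses `ss -H -ltn` output and lists which TCP ports listen on each NIC's address. The sample output, the interface names and the addresses are constructed, and only IPv4 listeners are considered.

```python
# Constructed sample of `ss -H -ltn` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
LISTEN 0 511   10.0.1.5:80     0.0.0.0:*
LISTEN 0 10    10.0.2.5:53     0.0.0.0:*
LISTEN 0 128  127.0.0.1:5432   0.0.0.0:*
LISTEN 0 128       [::]:22        [::]:*
"""

# Constructed interface addresses for the two NICs (assumption).
NICS = {"eth0": "10.0.1.5", "eth1": "10.0.2.5"}

# Local addresses that mean "listen on every IPv4 address".
WILDCARDS = {"0.0.0.0", "*"}


def parse_listeners(ss_output):
    """Return (address, port) pairs for IPv4 TCP listeners."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith("["):      # IPv6 socket, out of scope here
            continue
        addr = addr.split("%")[0]     # drop scope suffix such as %lo
        listeners.append((addr, int(port)))
    return listeners


def ports_per_nic(listeners, nics):
    """Map each NIC to the ports bound on its address, before any firewall."""
    exposure = {name: set() for name in nics}
    for addr, port in listeners:
        for name, nic_addr in nics.items():
            if addr in WILDCARDS or addr == nic_addr:
                exposure[name].add(port)
    return exposure


def differences(exposure):
    """Ports that are not listening on every NIC, keyed by NIC."""
    common = set.intersection(*exposure.values())
    return {name: sorted(ports - common) for name, ports in exposure.items()}


if __name__ == "__main__":
    exp = ports_per_nic(parse_listeners(SAMPLE_SS), NICS)
    print({nic: sorted(p) for nic, p in exp.items()}, differences(exp))
```

This shows the bind side only; per-interface firewall rules can still change what a scan of each NIC reports, so the listing complements scanning both interfaces and does not replace it.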

