Dailydave mailing list archives
Re: From int $13 to distributed object clouds
From: liquidfish <liquidfish () gmail com>
Date: Fri, 22 Dec 2006 18:04:42 -0800
What's the point of messing with 1.1 if you already have it under the identity of 2.1? If the goal is to perform as little action as possible (e.g. to be covert, to quickly gather data, and/or to reduce data analysis and post-grouping), then this is a wasted action.
The results may differ for various reasons. Perhaps the routes go through different firewalls with different ACL's, so you might be able to access the HTTP server on the 1.1 interface and not the 2.1 interface. You want the full picture of what is available on what interfaces and from what sources. Scanning a single interface does not always give you the full picture for a host, so intentionally neglecting to scan additional intrfaces, once you have learned they belong to an already scanned asset would be a mistake. Additionally, many network daemons may be configured to only listen on a particular interface. Perhaps the SSH and HTTPS daemons are only accessible on a management interface. Assets should be identified, list the interfaces they have, list what is accessible from all interfaces, and then list anything else that is only accessible from specific interfaces. -p
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- From int $13 to distributed object clouds Dave Aitel (Dec 22)
- <Possible follow-ups>
- Re: From int $13 to distributed object clouds Brian Azzopardi (Dec 22)
- Re: From int $13 to distributed object clouds Jon Passki (Dec 22)
- Re: From int $13 to distributed object clouds liquidfish (Dec 22)
- Re: From int $13 to distributed object clouds Jon Passki (Dec 22)
- Re: From int $13 to distributed object clouds Brian Azzopardi (Dec 28)
- Re: From int $13 to distributed object clouds liquidfish (Dec 28)