Security Basics mailing list archives

Re: Assessing a machine with 2 NICs


From: Jacob Bresciani <jacob () bresciani ca>
Date: Fri, 9 Sep 2005 09:23:52 -0700

Simple example. In Apache's configuration I can bind it to a port (it will listen on port 80 on all IPs) or to an IP address:port (listen on only one IP).

I can also assign multiple IPs to each NIC and then only bind Apache to one of these addresses, or all, or all but 1...

I can also set up the OS firewall to behave and block/allow differently on each IP address or on each NIC.

So, for TCP/UDP ports you don't need to scan both NICs so much as you need to scan all IP addresses assigned to that machine.

Jacob Bresciani

"Passwords are like bubble gum, strongest when fresh, should never be used by groups and create a sticky mess when left laying around"

-anon


On Sep 8, 2005, at 5:34 PM, barcajax () gmail com wrote:

Let's say we have a machine running critical business applications connected to the enterprise network on 2 NICs. From an assessment/audit point of view, is it necessary to scan both NICs using assessment tools like Nmap and Nessus? Will both scan results produce the same findings (as in same ports and services open)? Does the OS or applications influence the detection of ports/services on different NICs on the same physical machine?
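
The point made in the reply above, as an added example that is not part of the original thread: given a host's assigned addresses and its listening sockets, work out which TCP ports are bound on each IP, so an auditor can see why every address needs its own scan. The interface names, addresses and the `ss`-style lines are constructed samples, and per-IP firewall rules are not modelled.

```python
# Constructed sample: addresses assigned to a two-NIC host (hypothetical values).
ASSIGNED = {
    "eth0": ["192.0.2.10", "192.0.2.11"],   # two IPs on one NIC
    "eth1": ["198.51.100.5"],
}

# Constructed sample shaped like `ss -ltnH` output:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 192.0.2.11:80 0.0.0.0:*
LISTEN 0 128 198.51.100.5:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "*"}  # "listen on all IPs" (IPv4 only in this example)


def parse_listeners(text):
    """Return (bind_address, port) pairs for each LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners


def ports_per_address(assigned, listeners):
    """Map every assigned IP to the TCP ports bound on it (firewall not modelled)."""
    exposure = {ip: set() for ips in assigned.values() for ip in ips}
    for addr, port in listeners:
        if addr in WILDCARDS:
            # A wildcard bind is reachable through every assigned address.
            for ports in exposure.values():
                ports.add(port)
        elif addr in exposure:
            # A specific bind shows up only on that one address;
            # loopback-only binds match no assigned IP and are skipped.
            exposure[addr].add(port)
    return {ip: sorted(ports) for ip, ports in exposure.items()}


if __name__ == "__main__":
    for ip, ports in ports_per_address(ASSIGNED, parse_listeners(SS_OUTPUT)).items():
        print(f"{ip:15} {ports}")
```

With this sample, the two addresses on the same NIC already differ (port 80 is bound on only one of them), which is why the scan list is built per IP address rather than per NIC.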


