Penetration Testing mailing list archives

Re: Assessing a machine with 2 NICs

From: Justin.Ross () signalsolutionsinc com
Date: Mon, 12 Sep 2005 09:40:05 -0700

Yes, you'll need to scan both NIC's of the target machine.services can be 
bound to certain IP addresses/adapters, which may mean you will see 
totally different services (open ports) and totally different 
vulnerabilities. For a complete vulnerabilty assessment, you'll also need 
to scan multiple IP addresses sharing the same NIC.

From an assessment/audit point of view, is it necessary to scan both NICs

using assessment tools like NMap and Nessus? 
Yes.

Will both scan results produce the same findings (as in same ports and 
services open)?
No, not necessarily (and not likely)

Does the OS or applications influence the detection of ports/services on 
different NICs on the same physical machine?
Both, but typically the applications themselves allow configuration of 
binding a service to a specific IP address or interface.

Justin Ross
MCP+I, MCSE, CCNA, CCSA, CCSE
Senior Network Security Engineer
Signal Solutions Inc.    -   http://www.signalcorp.com
Email: Justin.Ross-at-signalsolutionsinc.com







barcajax () gmail com 
09/08/2005 05:09 PM

To
pen-test () securityfocus com
cc

Subject
Assessing a machine with 2 NICs






Lets say we have a machine running critical business applications 
connected to the enterprise network on 2 NICs. From an assessment/audit 
point of view, is it necessary to scan both NICs using assessment tools 
like NMap and Nessus? Will both scan results produce the same findings (as 
in same ports and services open)?
Does the OS or applications influence the detection of ports/services on 
different NICs on the same physical machine?

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 

login pages, dynamic content etc. Firewalls, SSL and locked-down servers 
are 
futile against web application hacking. Check your website for 
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before 
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Assessing a machine with 2 NICs barcajax (Sep 11)
- Re: Assessing a machine with 2 NICs Fósforo (Sep 12)
- Re: Assessing a machine with 2 NICs Andres Riancho (Sep 12)
- Re: Assessing a machine with 2 NICs Tim (Sep 12)
- Re: Assessing a machine with 2 NICs Thor (Hammer of God) (Sep 12)
- Re: Assessing a machine with 2 NICs Michael Boman (Sep 12)
- Re: Assessing a machine with 2 NICs Justin . Ross (Sep 12)
- RE: Assessing a machine with 2 NICs Richard Zaluski (Sep 12)
- Re: Assessing a machine with 2 NICs Mark Owen (Sep 12)
- Re: Assessing a machine with 2 NICs Fauchon Olivier (Sep 14)
- <Possible follow-ups>
- RE: Assessing a machine with 2 NICs Derick Anderson (Sep 12)
- Re: RE: Assessing a machine with 2 NICs aldo (Sep 14)