On Fri, 26 Jan 2001, Mukund spewed into the ether:
> How does that affect. If a port is open it is open wheather the
> interface is a lo/eth/ppp
Actually lo||(eth||ppp)
> In fact scanning from the same machine is more advisable as it will
> bypass the fire wall and give a correct status.
Actually, quite the reverse. You want to enter remotely, you will have
to get the same results as an attacker from outside your firewall, and
from an attacker inside your DMZ (if any). Some ports are accessible
only to lo, and inputs from other interfaces are rejected automatically
unless specifically allowed to connect. (For example, X (port 6000)
should only be from your local machine unless explicitly permitted to
be remote).
There was quite a good post on why remote scanning is better on one of
the securityfocus lists, I'll check out my archives on Monday and
forward the mail.
Devdas Bhagat
--
The clothes have no emperor.
-- C.A.R. Hoare, commenting on ADA.
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/
