On Thu, Aug 29, 2002 at 02:36:52PM +0200, Jerome Iffrig wrote:
> My point was: If I run the NESSUS server on the same server as the one to be
> tested (against external attacks), the same server that ensures the
> connection from the internal network to the external world (www) and which
> is protected by a firewall, any packet sent by NESSUS for the purpose of the
> check has a great chance of being stopped by the firewall on either side:
> IN and/or OUT. In this environment, in my understanding, NESSUS cannot do
> its job correctly.

If nessusd is running ON the firewall itself (assuming it's a BSD/Linux
host), then packets will go through the loopback interface and should go
through.

But...
[...]
> Basically my understanding problem is the following: How can I pretend to
> "attack" myself from the outside when nessusd is running on the server
> INSIDE the firewall (note that some iptables rules might not only stop
> packets from getting inside the internal network, but also stop packets
> trying to go out)?

Just play a little with the wires. Let's say your external IP address is
208.47.125.33 and you want to have the point of view of an attacker.

- Unplug your firewall from the internet, and plug its ethernet port
  into a hub

- Change the IP address of a computer on your local network to something
  in the same subnet - say 208.47.125.34

- Scan .33 from .34, and voila! You've an external point of view of your
  firewall (at the cost of being offline for a moment).


Another solution would be to install a nessusd somewhere outside on the
big bad internet.


                                -- Renaud
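
The re-addressing steps described above, as an added example that is not part of the original mail: a pre-flight check that the temporary scanner address is a usable on-link neighbour of the firewall's external address, followed by the commands to apply and revert it. The /24 prefix, the interface name eth0, the use of iproute2 and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed, not from the mail: /24 prefix, eth0, iproute2.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# valid_scanner TARGET SCANNER PREFIXLEN
# Succeeds only if SCANNER is in TARGET's subnet (so no router is needed
# while the firewall is unplugged from the internet) and is not the target
# itself, the network address or the broadcast address.
valid_scanner() {
    t=$(ip_to_int "$1"); s=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    net=$(( t & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    [ $(( s & mask )) -eq "$net" ] && [ "$s" -ne "$t" ] &&
    [ "$s" -ne "$net" ] && [ "$s" -ne "$bcast" ]
}

# plan TARGET SCANNER PREFIXLEN IFACE
# Prints the commands to run as root on the scan host; executes nothing.
plan() {
    valid_scanner "$1" "$2" "$3" || {
        echo "refusing: $2 is not a usable on-link neighbour of $1/$3" >&2
        return 1
    }
    echo "ip addr add $2/$3 dev $4   # temporary address on the scan host"
    echo "ip route get $1            # expect 'dev $4' and no 'via' hop"
    echo "# ... scan $1 from this host with Nessus ..."
    echo "ip addr del $2/$3 dev $4   # restore the original addressing"
}

# Addresses from the mail: firewall at .33, scan host at .34.
plan 208.47.125.33 208.47.125.34 24 eth0
```

The `ip route get` step confirms the scan traffic leaves through the Ethernet interface toward the hub rather than through a gateway or the loopback path.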