I've run into a strange problem when scanning from a system set up with one interface and an additional IP alias. The interface is set up as 199.xxx.xxx.xxx and the alias is set to 10.49.202.21. This is on Linux with Nessus 2.0.7.
Routes are set up correctly, and normal connections (e.g. ssh, telnet, ftp) all go through with the correct IP. However, when scanning with Nessus, I have found that if I try to scan a 10.49.202. address with anything OTHER than a TCP connect() scan, it will try to go through the 199. address and be blocked by the firewall. The TCP connect() scan, however, goes through the 10.49.202. interface as expected and produces an accurate port scan. This happens when using either nmap for scanning or Nessus' scanning. Only connect() works in both cases. Any ideas why this is happening? Is there something about IP aliases that I'm missing here? Thanks.
