Hello Ron, That was an excellent link. Please tell me one more thing, like if I have to scan all the protocols over TCP of a host behind the firewall from external world, should I have a policy for allowing all TCP traffic in my firewall? I hope am correct. Please correct me if I am wrong. I can proceed soon.
Regards, Girish On 5/9/07, Ron Gula <[EMAIL PROTECTED]> wrote:
Girish wrote: > Hello All, > > I am new to Nessus. My requirement is to run TCP , UDP, ICMP related > attacks from WAN to the the gateway. This is for validating the > Firewall capabilities of my gateway. > > Regards, > Girish Hi Girish, If you scan your gateway with Nessus, then you are testing the open ports and services of your gateway/firewall/IPS, not how well it is blocking attacks and probes. You should target a system behind your firewall or gateway and compare this to results of an internal scan of the same system. Please see this blog entry which also covers NAT issues for more information: http://blog.tenablesecurity.com/2006/08/using_nessus_to.html Ron Gula, CTO Tenable Network Security
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
