And with all due respect, philosophically speaking, if any part of the reason for scanning the box is to see what sorts of security issues are in play, you must scan every IP that's on the box, and every port on every IP, and with at least two unrelated port scanners.
I know that takes a long time. I also know a lot of grumps who swear that this sort of thing is only an exercise in tedium and really isn't necessary--and it isn't if the point of the audit is only to have accomplished an audit. James On May 30, 2008, at 8:33 AM, Ron Gula wrote: > Yanyan Wang wrote: >> Is there a more efficient way to scan computers with multiple IPs >> than scanning every individual IP? Thanks. >> > > It depends on what you are trying to accomplish: > > - If you feel each IP address has the same services and security > (firewall rules) then scan just one IP. > > - If you want to perform a full audit of the box, do a credentialed > patch audit. > > - If different IPs have different services on them (i.e., a web server > with multiple virtual IPs) you would likely want to audit each IP. > > - If each IP is on a different LAN/DMZ/network and offering different > services to different networks, you may not only need to scan each > IP, but scan each IP from the correct local segment. For example, > you may have a machine with a NIC in the DMZ and one on the > corporate > LAN. Scanning the DMZ IP from the corporate LAN might have firewall > rules that prevent a full audit. > > Ron Gula > Tenable Network Security > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
