Here is a quote from the old nessusd man page:
---------------------------------------------------------------------------------------------
____ Force the source IP of the connections established by Nessus to __ checks need to fully establish a connection to the remote host. This option is only useful if you have a multi-homed machine with multiple public IP addresses that you would like to use instead of the default one.

Example : will make establish connections with a source IP of one among those listed above. For this setup to work, the host running nessusd should have multiple NICs with these IP addresses set
---------------------------------------------------------------------------------------------

Experimenting with -S without those multiple NICs would probably yield inconclusive results.

-geoff

-----------------------------------------
Geoff Galitz
Blankenheim, Germany
http://www.galitz.org

On Wed 04/11/09 12:24 , "Chandrashekhar B" bchan...@secpod.com sent:

Hello,

I have tested giving a valid IP address to -S, and the source address remains the actual IP address and not the given. So, not really sure about the purpose of -S.

Thanks,
Chandra.

> From: Srinivasa NL [nl.srini...@gmail.com]
> Sent: Tuesday, November 03, 2009 9:59 PM
> To: Chandrashekhar B
> Cc: Tim Brown; openvas-devel@wald.intevation.org; Jan-Oliver Wagner
> Subject: Re: [Openvas-devel] openvasd -S option
>
>
> Hi,
> I am reopening the -S option issue.
> I am still not clear about the purpose of the -S option. The addresses supplied along with
> the -S option are "randomly" chosen and the server binds to that chosen address. I don't know how
> this is useful when the server is multi-homed or you want to spoof an address to get around
> firewalls. Also I haven't really checked whether the connection goes through when you give
> "any" legal ipv4 address.

-----Original Message-----
From: openvas-devel-boun...@wald.intevation.org [openvas-devel-boun...@wald.intevation.org] On Behalf Of Tim Brown
Sent: Friday, September 04, 2009 8:12 PM
To: openvas-devel@wald.intevation.org
Cc: 'Jan-Oliver Wagner'
Subject: Re: [Openvas-devel] openvasd -S option

On Friday 04 September 2009 15:35:57 Geoff Galitz wrote:
>> Changing the source IP is frequently used for IDS evasion and spoofing the
>> address of another system or network to get around firewall rules.
>> Typically the spoofing does not work so well with TCP connections, but is
>> more effective with UDP scans. If the scanner was on the same local
>> network as the target the TCP spoofed scan would stand a better chance of
>> success (since the MAC address would still be intact).
>>
>> I think it would be useful to retain this feature. It is good for auditing
>> firewall and IDS systems.
> Also useful if you have a multi homed machine and want to force traffic down a
> specific interface irrespective of routes.

This looks to be the real purpose!

Chandra.

_______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
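
The multi-homed behaviour discussed in this thread (one of several listed addresses is picked and the socket is bound to it before connecting) can be checked with the following added example, which is not part of the thread and not OpenVAS or Nessus code. The function names and the candidate addresses are assumptions made for the illustration; it uses only loopback and shows that an address not configured on the host is rejected at bind() time.

```python
import errno
import random
import socket

def bindable(addr):
    """True if the kernel accepts addr as a local source address."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, 0))  # port 0: kernel picks the source port
            return True
        except OSError as e:
            if e.errno == errno.EADDRNOTAVAIL:
                return False   # not configured on any local interface
            raise

def connect_from(candidates, dest, timeout=3.0):
    """Bind to one randomly chosen local candidate, then connect to dest.
    Returns (connected socket, source address that was requested)."""
    usable = [a for a in candidates if bindable(a)]
    if not usable:
        raise OSError(errno.EADDRNOTAVAIL, "no candidate is a local address")
    src = random.choice(usable)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.bind((src, 0))       # bind() before connect() fixes the source IP
        s.connect(dest)
    except OSError:
        s.close()
        raise
    return s, src

def demo():
    """Constructed loopback run: (requested, local end, as seen by peer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(3.0)
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        # 192.0.2.10 is in TEST-NET-1 (RFC 5737); assumed not configured here.
        s, src = connect_from(["192.0.2.10", "127.0.0.1"], srv.getsockname())
        conn, peer = srv.accept()
        with s, conn:
            return src, s.getsockname()[0], peer[0]

if __name__ == "__main__":
    print(demo())
```

Comparing the requested address with what getsockname() and the accepting side report is the direct way to confirm which source IP a connection actually used.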