RE: Assessing a machine with 2 NICs

From: Richard Zaluski (rzaluski@ivolution.ca)
Date: Mon Sep 12 2005 - 09:07:39 EDT


Each nick may have different services bound to it so the results will vary
for each nic.

If you are doing an Audit on a machine you should audit ALL connectivity an
not assume anything.

Richard Zaluski
CISO, Security and Infrastructure Services
iVOLUTION Technologies Incorporated
905.309.1911
866.601.4678
www.ivolution.ca
rzaluski@ivolution.ca
 

Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C
=======================================================================
CONFIDENTIALITY NOTICE: This email message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender. Any unauthorized review,
use, disclosure, or distribution is prohibited.
=======================================================================
-----Original Message-----
From: barcajax@gmail.com [mailto:barcajax@gmail.com]
Sent: Thursday, September 08, 2005 8:09 PM
To: pen-test@securityfocus.com
Subject: Assessing a machine with 2 NICs

Lets say we have a machine running critical business applications connected
to the enterprise network on 2 NICs. From an assessment/audit point of view,
is it necessary to scan both NICs using assessment tools like NMap and
Nessus? Will both scan results produce the same findings (as in same ports
and services open)?
Does the OS or applications influence the detection of ports/services on
different NICs on the same physical machine?

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT