That's kind of what I thought. Are there any protections outside normal system hardening I should take on the public scanning machine? I was planning on Linux, probably RedHat 7.x, for this host. I guess TCP wrappers around nessusd would be out of the question. Is there any way to operate the scanner on a 'stealth' interface? It probably won't work as well.
I'd hate to do scans for someone that have the resulting data being compromised. Perhaps the results should be stored on an internal / protected machine? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hugo van der Kooij > Sent: Monday, June 24, 2002 12:50 PM > To: Nessus Nessus Mailing List > Subject: Re: Nessus Location > > > On Mon, 24 Jun 2002, Darren Young wrote: > > > Where is the "best" logical/physical position for a Nessus > scanning machine? > > In front of, behind or beside (DMZ) the firewall? When it's behind the > > firewall it generates quite a bit of noise with default > "passthrough" DENY > > and LOG rules. That's fine, I just want to be sure the firewall isn't > > dropping something that the scanner needs. Perhaps in a DMZ > with an "allow > > everything out and established"? > > Anything filtering in it's path will distort your measument and > invalidate > your findings. > > IMO the only allowed place would be outside your firewall if you want to > perform tests outside your own network. > > Hugo. > > -- > All email send to me is bound to the rules described on my homepage. > [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger.
