On Monday 24 June 2002 13:00, Darren Young wrote:
> I'd hate to do scans for someone that have the resulting data being
> compromised. Perhaps the results should be stored on an internal /
> protected machine?

Putting in firewall rules will most likely break some of the tests. Disable every service except SSH, run nessusd with "-a 127.0.0.1", then use a local port forward through SSH to access the daemon with the client on your workstation. Something you might try is to remove the default route on the scanning machine (assuming your external network is a single segment). This would allow the scanner to access the external addresses, allow you to connect to the SSH port from behind a NAT gateway, and prevent anyone on the internet from accessing the system without compromising an external system or your uplink/router first...

-HD
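The layout described in the message above (only SSH exposed, nessusd bound to 127.0.0.1, no default route) can be checked with a small audit script; this is an added example, not part of the original message. The nessusd port 1241, the function names and the sample `ss -Hltn` / `ip route show` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a scan host against the layout described above.
# Inputs are text in the format printed by `ss -Hltn` and `ip route show`.
NESSUSD_PORT=1241   # assumption: classic nessusd default port
SSH_PORT=22

# Constructed sample data (not captured from a real host).
SAMPLE_LISTEN_OK='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:1241 0.0.0.0:*'
SAMPLE_LISTEN_BAD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:1241 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*'
SAMPLE_ROUTES_OK='192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
SAMPLE_ROUTES_BAD='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'

# Print one finding per listener that breaks the "SSH only, nessusd on loopback" rule.
audit_listeners() {
    printf '%s\n' "$1" | awk -v np="$NESSUSD_PORT" -v sp="$SSH_PORT" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            loop = (addr ~ /^127\./ || addr == "[::1]")
            if (port == np && !loop) print "nessusd reachable on " addr ":" port
            else if (port != sp && !loop) print "extra service on " addr ":" port
            if (port == np) seen = 1
        }
        END { if (!seen) print "nessusd not listening" }'
}

# Print a finding if a default route is still installed.
audit_routes() {
    printf '%s\n' "$1" | awk '$1 == "default" { print "default route via " $3 }'
}

# Print "OK" and return 0 when nothing is wrong, else print findings and return 1.
audit_host() {
    findings=$( { audit_listeners "$1"; audit_routes "$2"; } )
    [ -z "$findings" ] && { echo "OK"; return 0; }
    printf '%s\n' "$findings"; return 1
}

# On a real host: audit_host "$(ss -Hltn)" "$(ip route show)"
audit_host "$SAMPLE_LISTEN_BAD" "$SAMPLE_ROUTES_BAD" || true
```

With nessusd bound to loopback, the client on the workstation reaches it through the SSH local port forward the message describes, so the audit treats any non-loopback listener other than SSH as a finding.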
