On Thu, Jun 05, 2003 at 07:14:01PM -0700, Todd A. Jacobs wrote:
> On Thu, 5 Jun 2003, Todd A. Jacobs wrote:
>
> > Is there a place to define a source IP in nessus? I need something similar
> > to nmap's -S flag, or nmap simply binds to the loopback interface on my
> > box when spawned from nessus.
>
> A little more information about this box: it's a Virtuozzo virtual machine
> with the following:
> venet0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> inet addr:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.0
> UP BROADCAST RUNNING NOARP MASTER MTU:1500 Metric:1
> RX packets:1408727 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3160659 errors:0 dropped:1724851 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:238860188 (227.7 Mb) TX bytes:268070342 (255.6 Mb)
>
> venet0:0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
> inet addr:10.10.2.5 Bcast:0.0.0.0 Mask:255.255.255.255
> UP BROADCAST RUNNING NOARP MASTER MTU:1500 Metric:1
>
> For whatever reason, nessus is sending a lot of traffic with a source port
> of 127.0.0.1,
Nessus lets the operating system choose the source IP and all this stuff
(it uses traditional TCP/UDP sockets for most of its job), and in your
case your operating system is misconfigured.
Either you should give venet0 a real IP address, or your should
add proper routing in your OS (ie: route add default venet0:0).
-- Renaud
