Hi there We just did a vulnerability scan of a new Internet Web farm we have - and I did it by scanning a range of Internet IPs - as that was all the info I had.
Anyway, it didn't find anything of interest - and part of the reason for that was that these hosts had the "real" Web apps on non-default Virtualhosts - so scanning the IP lead to default IIS and Apache webpages instead of the actual apps. Totally understandable - but it brings up a real issue for us. All our Nessus servers are on the internal network - and use internal DNS servers. Our internal DNS is configured to return their *internal* IP addresses for these hosts - not their Internet IPs (ie NAT is involved). So if we replace the IP addresses to be scanned with hostnames, we'll get an internal scan instead of an Internet-scan - which will return details I'm not interested in. What we really need to do is to be able to tell nessusd to use a different set of DNS servers (ie external ones) for some scans and not for others. A new nessusrc config option sounds in order? :-) Anyone else have other ideas about how to get around this? Putting nessusd directly on the Internet isn't an option. These servers have too much internal work to do to move them around in such fundamental ways. Even editing /etc/resolv.conf before the scan isn't that doable - other internal scans could be running at the same time... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
