RE: Assessing a machine with 2 NICs

From: Derick Anderson (danderson_at_vikus.com)
Date: 09/12/05

  • Next message: Richard Zaluski: "RE: Assessing a machine with 2 NICs" 
    Date: Mon, 12 Sep 2005 07:38:31 -0400
To: <pen-test@securityfocus.com>

    > -----Original Message-----
    > From: barcajax@gmail.com [mailto:barcajax@gmail.com]
    > Sent: Thursday, September 08, 2005 8:09 PM
    > To: pen-test@securityfocus.com
    > Subject: Assessing a machine with 2 NICs
    >
    > Lets say we have a machine running critical business
    > applications connected to the enterprise network on 2 NICs.
    > From an assessment/audit point of view, is it necessary to
    > scan both NICs using assessment tools like NMap and Nessus?
    > Will both scan results produce the same findings (as in same
    > ports and services open)?
    > Does the OS or applications influence the detection of
    > ports/services on different NICs on the same physical machine?
    >

    The machine doesn't have to run the same services on both NICs. In my
    shop we have several machines with two or more virtual interfaces (one
    NIC, but responds to several IPs) for the purpose of hosting SSL sites.
    So you might see ports 80 and 443 open on the first IP but only 443 on
    the second. Having said that, most machines with two physical NICs have
    them for redundancy and/or speed and by default most services bind to
    all available IPs.

    What you will see with a scan depends entirely on the service
    configurations on the machine. I wouldn't think the OS would do things
    differently on separate NICs but you never know.

    Derick Anderson

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------

  • Next message: Richard Zaluski: "RE: Assessing a machine with 2 NICs"

    Relevant Pages

    • Re: 10Base-T vs. 100Base-T (discussion)
      ... several devices sharing the wire -- in one or more applications -- then ... Smaller processors using older technology NICs are usually bandwidth ... Is it "real time" ... The design in progress currently (totally different market) deliberately ...
      (comp.arch.embedded)
    • Re: Assessing a machine with 2 NICs
      ... Assessing a machine with 2 NICs ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Server 2003 - File Sharing Locking Up
      ... nbtstat -n in a command window to see which name is in the Conflict ... I use the nbtstat -n and get nothing. ... and the other NIC is for Applications. ... Disable one of the NICs on your computer. ...
      (microsoft.public.windows.server.general)
    • Re: How to work with a server with two NICs?
      ... > We have a server with two NICs. ... Our applications are set to use one IP ... How can we configure the server in order to ... Prev by Date: ...
      (microsoft.public.win2000.networking)
    • How to work with a server with two NICs?
      ... Our applications are set to use one IP address. ... How can we configure the server in order to take advatage of both NICs? ...
      (microsoft.public.win2000.networking)
    • Quantcast