Re: Hopefully this is an intelligent question
From: Bill Matherly Jr (bmatherlyjr_at_cox.net)
Date: Tue, 06 May 2003 17:42:30 GMT
Dave Thornburgh wrote:
> "Bill Matherly Jr" <email@example.com> wrote in message
>>So your suggesting that if I am doing the auditing at the person's
>>physcial PC I should go ahead and use the loopback IP, and if I am
>>attempting to audit it remotely just use the server assigned IP?
> Not at all. I'm suggesting that you audit from another PC, using the
> external address of the target. Auditing a PC from that same PC can be
> misleading at best - some services may handle traffic at the loopback
> address differently than traffic at the external address. Also, any
> security measures (installed software firewall, operating system settings,
> etc.) may be less effective against traffic coming from inside that machine,
> no matter what address the traffic is aimed at. The only true test of a
> machine's vulnerabilities has to come from outside.
> You may as well just give up on the whole concept of the loopback address -
> it's just not germane to the concept of auditing for security purposes.
I was afraid you were going to tell me that :]
thanks for the input, Dave