Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Scan a subnet behind a firewall

from [Biswas, Proneet] Network Security [Permanent Link]
Subject: RE: Scan a subnet behind a firewall
Date: Wed, 23 Mar 2005 15:07:07 -0800 
Is there any tool which can help us compare the results of the two scan
results - One is a scan from outside the firewall and one is from
inside, this could give us an idea of how good the firewall is?


----------------------------------------------
To have known the best, and to have known it for the best, is success in
life. 

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Dan Bowman
Sent: Wednesday, March 23, 2005 6:48 AM
To: reagles@gmail.com; Nessus
Subject: Re: Scan a subnet behind a firewall

Rick,

Hugo is correct, I have this question from customers all the time and
from 
personal experience prior to working for Tenable and what I see on a
weekly 
basis now, scanning through a firewall gives you less than desirable 
results.  The scans will yield inconsistent results, hosts may disappear
and 
reappear in subsequent scans, vulns will be missed, ports may be
reported as 
open that are not, others closed, scanning is nearly useless if you
don't 
control the firewall and it's pretty ugly even when you do.

You can use Nessus to perform detached scans which will likely best suit

your needs.  If you only have Windows systems on the other side of your 
network, you may want to try downloading our Windows based scanner, NeWT

which uses the same plugins as Nessus and is worked on by the same 
developers.  In the complimentary version (free of charge) it is able to

scan the local class C network it resides on.  If you can remote to any
of 
your systems on the other side of that firewall, you could run the scans
and 
pull the results.

See here for the download page: 
http://www.tenablesecurity.com/products/newt.shtml
Scroll down to the request link.

Regards,

-- Dan

Daniel Bowman
Director of Support & QA
Tenable Network Security
mailto:dan@tenablesecurity.com

----- Original Message ----- 
From: "Rick Eagles" <reagles@gmail.com>
To: "Nessus" <Nessus@list.nessus.org>
Sent: Tuesday, March 22, 2005 11:49 PM
Subject: Scan a subnet behind a firewall


hello everyone!

I want to scan a subnet behind a firewall in another location, but I 
cannot shutdown the firewall,I am the administrator of the subnet but

not 

the firewall's.

How can I scan my computers?

I want to open a socks5 proxy server on the firewall and let nessus

scan 

them through socks5 proxy, it will be OK?

Thanks in advance for any help provided.
and I am sorry for my poor English.

        Rick
        reagles@gmail.com
          2005-03-23
-----------------------------------------------------------------------

----

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus 


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CA License vulnerability plugin, Nicolas Pouvesle
Next by Date:  RE: False Positive for Plugin ID 10412 (SMB Registry Autologon), Mallory, Danny
Previous by Thread:  Re: Scan a subnet behind a firewall, Michel Arboi
Next by Thread:  Re: Scan a subnet behind a firewall, Jesper S. Jensen
Indexes:  [Date] [Thread] [Top] [All Lists]