Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Trying to connect remotly fron Win 2003 to Nessus on Linux

from [John Scherff] Network Security [Permanent Link]
Subject: RE: Trying to connect remotly fron Win 2003 to Nessus on Linux
Date: Thu, 22 Sep 2005 08:51:10 -0700 
Salam,

Long answer: 

Iptables and netfilter (the kernel component of iptables) is a
host-based firewall for UNIX-like operating systems.  More specifically,
it is a stateful packet filter. (It has no application intelligence -
yet).

It's true that your broadband router gives you some protection against
the many threats lurking on the Internet, but in IT Security, we like to
take a defense-in-depth posture.  Defense-in-depth means setting up
multiple layers of hurdles between the bad guy and the stuff you value.


For example, your broadband router (your first layer of defense) keeps
out most direct attack vectors from outside your home network, but what
if you or your wife/son/daughter/significantother downloads a game
infected with a virus or worm?  Now the "bad guy" is inside.  What if
the payload of that virus surreptitiously opens a covert channel (e.g.,
a VPN connection of some type) to a "bad guy" computer?  He now has
unfettered access to your protected network.  But if you have host-based
firewalls (your second layer of defense) installed and running on all
your computers, and if your operating systems are hardened and otherwise
pretty secure, he's going to have a hard time doing anything
significant.  

If you have any ports open on the your host-based firewalls - say, SSH,
HTTP, HTTPS, FTP (the ones I remember seeing in your iptables dump) and
now Nessus, these represent an entry point through your second layer of
defense; however, if you keep your patches up-to-date and use very
strong passwords - e.g., minimum of 8 characters with a mixture of
uppercase, lowercase, numbers, special characters, and punctuation -
then you have an effective third layer of defense to keep the threats
out.

Note also that a broadband router combined with wireless opens up
another avenue of attack.  If you don't use wireless encryption, or if
you do use it but you have a vulnerable wireless AP (like some Linksys
firmware versions), you have an open door into your home network.  Even
if you're using 128-bit WEP, wardrivers and neighbors can hack into your
network with tools like AirSnort (granted, it takes a lot of time and a
lot of traffic for them to do that).  Use WPA instead.

Short answer: 

Keep iptables running.  It is your friend.

John Scherff
24 Hour Fitness
It's the way we make you feel - you^24

P.S., while I'm thinking about it, turn uPnP off on your broadband
router, and make sure external web access is turned off, too.

-----Original Message-----
From: Salam Y. ELIAS [mailto:salamlinux@free.fr] 
Sent: Thursday, September 22, 2005 4:16 AM
To: John Scherff
Subject: RE: Trying to connect remotly fron Win 2003 to Nessus on Linux

Wonderfull, so many thanks for your help.
However, there is something I dont catch, is iptables a service related
to TCP/IP networking stuff or a firewall that its name is iptables?

As I said, I have a router/Firewall ADSL Braodband which all my servers
are behind and it acts like a DHCP as well. So souyld I, or do I need
really iptables running?
On the other server, I stopped the firewall that ships with Win 2003
because I think the router/firewall is sufficient, NO?

Salam
On Wed, 2005-09-21 at 14:29 -0700, John Scherff wrote:

Salam,

Okay, open /etc/sysconfig/iptables and add the following line below 
the one that says --dport 22:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1241



-j ACCEPT

By the way, editing the /etc/sysconfig/iptables file is not usually 
the best way to alter your Linux personal firewall, but for simple 
changes like this, it's the quickest. Make sure you copy the original 
file to iptables.orig or something like that.

Also, if you don't know iptables, you should learn it.  It's a good 
way to close up some of the vulnerabilities that Nessus finds - 
particularly when there are no patches available to fix them.

- John Scherff

-----Original Message-----
From: Salam Y. ELIAS [mailto:salamlinux@free.fr]
Sent: Wednesday, September 21, 2005 2:08 PM
To: John Scherff
Subject: Re: Trying to connect remotly fron Win 2003 to Nessus on 
Linux

Enclosed is the iptabl;es file, to be honest with you, I have never 
touched it. This is a fresh new install Fedora Core 4 I did 10 days 
ago

Thasnks again for your help

On Wed, 2005-09-21 at 12:54 -0700, John Scherff wrote:

Send me your /etc/sysconfig/iptables file so I can tell you without 
breaking something else.

-----Original Message-----
From: Salam Y. ELIAS <salamlinux@free.fr>
To: John Scherff <JScherff@24hourfit.com>
Sent: Wed Sep 21 12:48:59 2005
Subject: RE: Trying to connect remotly fron Win 2003 to Nessus on 
Linux

So many thanks, you are correct, I ran Nessus client on the linux 
machine by typing nessus in a terminal session. However, when 
connecting there is a box where this port is specified.

As I said, I am new to Linux and nessus, so how can I open the port,



how do I use IPTABLES? I have my Router who assign IPs to my 
machines,



my Linux has always 192.168.0.10

On Wed, 2005-09-21 at 11:32 -0700, John Scherff wrote:

Is iptables running on the Linux server running Nessus?  (My

question

assumes you were running the X client on the same machine as the

Nessus

daemon.)  If it is, you'll have to open up port 1241.

-----Original Message-----
From: nessus-bounces@list.nessus.org 
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Salam Y. 
ELIAS
Sent: Wednesday, September 21, 2005 10:54 AM
To: nessus@list.nessus.org
Subject: Trying to connect remotly fron Win 2003 to Nessus on 
Linux

Thanks everybody, my nessus server is working fine, thanks folks.
However, when running the client on Linux, it connects and I 
managed

to

scan 2 servers. However, I downloaded the win32 version on a win

2003

box, I can not connect to the server on linux. Of course I ping 
the linux machine. Iget the following error in the output window


ERROR: Cannot establish connection with 192.168.0.10 (Socket error

0).


So is there a config param to allow/Deny clients remotly?

Second question, in the win32 interface, in setting dialog box I

have

the possibility to designate a database. On Linux I issue "nessus"

on a

terminal session to laumchthe client, is there another way or just

it is

not possible to point to a database.

Thanks

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus










_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: some preferences not provided from the nessus daemon?, George A. Theall
Next by Date:  Re: Long Delay After Login, eric
Previous by Thread:  RE: Trying to connect remotly fron Win 2003 to Nessus on Linux, John Scherff
Next by Thread:  Scanning multiple IP's provides weak results, andrewwhite
Indexes:  [Date] [Thread] [Top] [All Lists]