Hello All,
I want to run Nessus against my corporate gateway to see what threats we face from the outside world. The router that we have connecting us to the internet is a Cisco 805 running PAT.
Is there a way to run Nessus so that it can be set to target the internal IPs (10.0.0.0) through the external IP of the router that anyone knows of? Or is there a tool that will do this for us?
Please advise, thanks.
Barry
On Wednesday 12 November 2003 05:20, Barry Gill wrote:
Hello All,
I want to run Nessus against my corporate gateway to see what threats we face from the outside world. The router that we have connecting us to the internet is a Cisco 805 running PAT.
Is there a way to run Nessus so that it can be set to target the internal IPs (10.0.0.0) through the external IP of the router that anyone knows of? Or is there a tool that will do this for us?
Please advise, thanks.
Barry
Barry, you might want to look at snot. But maybe not.
If you have a NAT running, it only caches opened _connections_ between the external network and the internal network (i.e., an internal computer has an IP assigned to a connection opened from a port number, at the NAT; only traffic on that connection should go through, unless you've assigned an external IP or port to the internal machine). At least, that's my understanding.
It is possible to fool the intelligence in a NAT by spoofing a redirect on a current connection... that's something you could try to do with snot, I think. Another common situation is sending improper IP sequences to random IPs and ports on the external interface; it may get lucky and get through to an actual machine internally -- I'd really appreciate it if someone more knowledgeable could talk about stealth syns, resets, and the like that manage to get through a NAT. For that, nmap is probably the best tool.
--r
dorothy@oz:~> ls
scarecrow tinman lion
dorothy@oz:~> find . -name home
There's no place like home.
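
The connection-table behaviour described in the reply above, as an added sketch that is not part of the original thread: a toy PAT table showing which packets arriving at the external IP get forwarded inside. It is a simplified model, not Cisco IOS behaviour; the class, the function names and all addresses and ports are constructed for illustration, and it assumes the router matches inbound packets against the remote endpoint of the recorded connection.

```python
from dataclasses import dataclass, field

SCANNER_IP = "192.0.2.99"  # constructed: unrelated outside host (documentation range)

@dataclass
class PatRouter:
    next_port: int = 40000
    # external port -> (internal ip, internal port, remote ip, remote port)
    dynamic: dict = field(default_factory=dict)
    # external port -> (internal ip, internal port), set explicitly by the admin
    static: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An internal host opens a connection; the router allocates an external port."""
        ext_port = self.next_port
        self.next_port += 1
        self.dynamic[ext_port] = (src_ip, src_port, dst_ip, dst_port)
        return ext_port

    def inbound(self, remote_ip, remote_port, ext_port):
        """Return the internal (ip, port) the packet is forwarded to, or None if dropped."""
        if ext_port in self.static:           # assigned external port: always forwarded
            return self.static[ext_port]
        entry = self.dynamic.get(ext_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                  # traffic belonging to an open connection
        return None                           # unsolicited: no table entry, dropped

def externally_reachable(router, ports, scanner_ip=SCANNER_IP):
    """Map each external port that forwards an unsolicited packet to its internal target."""
    hits = {}
    for port in ports:
        target = router.inbound(scanner_ip, 50000, port)
        if target is not None:
            hits[port] = target
    return hits

def demo():
    router = PatRouter()
    router.static[25] = ("10.0.0.5", 25)      # constructed static forward (mail server)
    ext = router.outbound("10.0.0.20", 3345, "198.51.100.7", 80)
    reply = router.inbound("198.51.100.7", 80, ext)    # reply on the open connection
    stranger = router.inbound(SCANNER_IP, 50000, ext)  # same port, different remote host
    exposed = externally_reachable(router, list(range(1, 1025)) + [ext])
    return ext, reply, stranger, exposed

if __name__ == "__main__":
    print(demo())
```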