Use Scanning Tools on Local Machine

Use Scanning Tools on Local Machine

Post by Buck Turgidso » Sat, 21 Jun 2003 02:14:33



I want to use some security audit tools like Nessus and nmap, but I
understand that they really aren't very effective unless you are running
them on a machine outside the firewall containing the machine in question.

Is there a way to disable to loopback, or whatever is causing this, so that
these tools can be run on the same machine, specifying the public IP
address?

 
 
 

Use Scanning Tools on Local Machine

Post by Steven Mockin » Sat, 21 Jun 2003 02:29:38


On Thursday 19 June 2003 19:14, Buck Turgidson blurted:

Quote:> I want to use some security audit tools like Nessus and nmap, but I
> understand that they really aren't very effective unless you are running
> them on a machine outside the firewall containing the machine in question.

> Is there a way to disable to loopback, or whatever is causing this, so
> that these tools can be run on the same machine, specifying the public IP
> address?

Try sites like www.inprotect.com - they can do it for you and usually better
as well (oh and yes it's free).

--
Security check:    INTRUDER ALERT!

 
 
 

Use Scanning Tools on Local Machine

Post by James Knot » Sun, 22 Jun 2003 05:58:05



> I want to use some security audit tools like Nessus and nmap, but I
> understand that they really aren't very effective unless you are running
> them on a machine outside the firewall containing the machine in question.

> Is there a way to disable to loopback, or whatever is causing this, so
> that these tools can be run on the same machine, specifying the public IP
> address?

You have to use another computer, so that you're seeing exactly what an
intruder would see.   You can't do that from within your own computer.

--

Fundamentalism is fundamentally wrong.


james.knott.

 
 
 

1. Howto redirect traffic from local machine to internet back to local machine?

Hi!

I have the following problem:
A program (malware) is running on my linux box and i want to check what it
does.
This program sends a lot of traffic to different IP addresses on the internet.
I know the destination port(s), but i do not know the IP in advance.

How can i redirect all traffic (with known dest port) originating from my
local box to the internet back to my local machine?

To make it clearer:
Assume i want to redirect all connection attempts to external mail-servers
coming from my local machine back to my own box.

This is what i tried so far (my box has IP 192.168.100.182):
# cat fw.sh

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.0/24 --dport 25 \
         -j DNAT --to 127.0.0.1:25

but unfortunately, it does not work:
$ telnet mail.gmx.net 25
Trying 213.165.64.20...
Connected to mail.gmx.net.     <---- of course, that's not my machine
Escape character is '^]'.
220 {mp033} GMX Mailservices ESMTP

The same happens with
iptables -t nat -A PREROUTING -p tcp -d ! 192.168.100.182 --dport 25 \
         -j DNAT --to 127.0.0.1:25

Why does this not work?

Can any kind soul please help me?

Thanks in advance!

Regards
Martin.

2. Which version to start with? (Kernal)

3. tar backup of a remote machine using rsh onto local tape - how?

4. want to learn

5. using a remote machine to connect to local X

6. Low powermode on Blade 150?

7. How to access local machine using ethernet interface, not loopback?

8. Railroad Tycoon II display

9. Local pop, ftp and telnet not working to local machine.

10. How to run local program using a remote machine?

11. Using X-Windows on a non-local machine

12. local scanning

13. scan disk for files tool