Hi,
Websites are often hosted on 3rd party providers, which host many websites on a single server. By running Apache/Nginx, that single physical server IP address (1.1.1.1) can be associated with many different domains on the same port. E.g., xyz.io:443, example.com:443, all being served by the same physical IP but at different ports per session.
If I configure an InsightVM site with “example.com”, the discovery and scan use the IP 1.1.1.1 instead of DNS – and thus pick up several active ports >1024. This causes it to report vulnerabilities for websites other than example.com (e.g., WordPress versions, open directory listings, etc.).
Is there a way to restrict insightVM to request only the DNS instead of the IP – e.g., “example.com:443” instead of “1.1.1.1:443”?
How are folks dealing with scanning public assets that are mult-tenant?
Thanks,
G.