Re: Testing load balanced servers behind NAT

From: Bill Pennington (billpat_private)
Date: Thu Sep 06 2001 - 14:46:47 PDT


    Andrew Koh wrote:
    
    > How would I test each server in the pool?
    
    Just take all the other servers out of the pool, test. Remove that
    server, put in another one, test, etc.
    
    > 
    > Also, is there any other documentation on identifying hosts behind
    > proxy/NAT(like FW-1), their internal IP and getting to other internal
    > machines which are not directly accessible from outside?
    
    
    
    I find OS fingerprinting to not be very useful in most cases. Webservers
    generally give out the OS they are running on.

    > 
    > On getting internal IP:
    > Besides misconfigured DNS and SNMP, are there any other ways to find out
    > internal host IP?
    > 
    
    302 redirects will give up internal names/IP addresses. FW-1 (unless you
    have really messed up the config) should stop spoofing attempts cold.
    
    > On routing to internal machines:
    > The only way I can think of is bouncing off other internal hosts which are
    > accessible to the Internet. How does source routing work, as there are many
    > routers out there which filter them?
    > 
    
    Again FW-1 "should" stop this cold.
    
    
    > Any thoughts?
    > 
    
    Think higher layers of the OSI model. Most likely there are flaws in the
    webserver or web application. If the firewall is passing this traffic,
    there is not much it can do to protect you.
    
    
    
    -- 
    
    
    Bill Pennington - CISSP
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
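
The 302 point above, seen from the server owner's side, as an added example that is not part of the original message: a check that flags redirect headers disclosing private addresses or internal host names. The sample responses, the pool labels and the internal-suffix list are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed naming conventions for internal-only hosts; adjust to your environment.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan")

def leaked_internal_host(location):
    """Return the host in a redirect target if it looks internal, else None."""
    host = urlsplit(location).hostname
    if host is None:                      # relative redirect discloses no host
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: flag single-label names and internal suffixes.
        if "." not in host or host.endswith(INTERNAL_SUFFIXES):
            return host
        return None
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return host
    return None

def audit_response(raw):
    """Scan one raw HTTP response; return (status, header, host) findings."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    findings = []
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("location", "content-location"):
            host = leaked_internal_host(value.strip())
            if host:
                findings.append((code, name.strip(), host))
    return findings

# Constructed sample responses, one per pool member (labels are hypothetical).
SAMPLES = {
    "pool-a": "HTTP/1.1 302 Found\r\nLocation: http://10.1.2.3/app/\r\n\r\n",
    "pool-b": "HTTP/1.1 302 Found\r\nLocation: http://web03/app/\r\n\r\n",
    "pool-c": "HTTP/1.1 302 Found\r\nLocation: https://www.example.com/app/\r\n\r\n",
    "pool-d": "HTTP/1.1 302 Found\r\nLocation: /app/\r\n\r\n",
}

if __name__ == "__main__":
    for member, raw in SAMPLES.items():
        for code, header, host in audit_response(raw):
            print(f"{member}: {code} {header} discloses internal host {host}")
```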
    



    This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 16:08:52 PDT