Andrew Koh wrote: > On getting internal IP: > Besides misconfigured DNS and snmp, are there any other ways to find > out internal host IP? Sometimes requesting non-existent files using HTTP (you don't say the servers are running this, but...) can reveal internal IP addresses in the error messages. Also, if it's an Apache webserver, the test-cgi and printenv CGI scripts can be used for information gathering purposes. If it's IIS, hell, go for Unicode MS00-078 or MS01-026. :) Best Regards, Alex. -- Alex Butcher PGP/GnuPG Key IDs: Consultant, S3 Systems Security Services alex@s3 B7709088 PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp alex.butcher@ 885BA6CE ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 11:11:09 PDT