Re: Testing load balanced servers behind NAT

• Previous message: Aleksander Czarnowski: "RE: Security Audit"
• In reply to: Andrew Koh: "Testing load balanced servers behind NAT"
• Next in thread: Carlos Carvalho: "Re: Testing load balanced servers behind NAT"
• Reply: Carlos Carvalho: "Re: Testing load balanced servers behind NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Koh wrote:

> On getting internal IP:
> Besides misconfigured  DNS and snmp, are there any other ways to find 
> out internal host IP?

Sometimes requesting non-existent files using HTTP (you don't say the 
servers are running this, but...) can reveal internal IP addresses in 
the error messages.

Also, if it's an Apache webserver, the test-cgi and printenv CGI scripts 
can be used for information gathering purposes. If it's IIS, hell, go 
for Unicode MS00-078 or MS01-026. :)

Best Regards,
Alex.
-- 
Alex Butcher                                      PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services          alex@s3       B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp  alex.butcher@ 885BA6CE


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Rainer Duffner: "commandline port-scanner for NT ?"
• Previous message: Aleksander Czarnowski: "RE: Security Audit"
• In reply to: Andrew Koh: "Testing load balanced servers behind NAT"
• Next in thread: Carlos Carvalho: "Re: Testing load balanced servers behind NAT"
• Reply: Carlos Carvalho: "Re: Testing load balanced servers behind NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 11:11:09 PDT