> -----Original Message-----
> From: Vel [mailto:velat_private]
> Sent: Monday, April 28, 2003 18:07
> To: pen-testat_private
> Subject: internal IP address revealed by e-mail
>
> Hi all,
>
> question I have is:
>
> If e-mail header reveals the internal IP address of the
> sender (10.x.x.x),
> then how can this info be used for mapping the internal network.

You can't use the 10/8 IP address to attack your target directly, because it's not routable, as you've noticed. You will be able to use it if (when?) you'd compromise a target that has both a real IP address and a 10/8 IP address.

The 10/8 IP address can be used to get a clearer map of the internal network (segmentation and duplication issues).

There are blind attacks that might be relevant. They are "blind" in the sense that you [ change the packet source to the 10/8 IP address and your IP ] will not get the response.

( Think about an attack where you send ICMP ECHO_REQUEST to the 10/8 IP address, with a spoofed source of the 10/8 network broadcast address. If no filtering equipment drops this obviously spoofed packet, it might cause your target to send a broadcast ECHO_REPLY. You can use ip_id matching trickeries to see if it succeeded. )

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems
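A defender-side check for the leak this thread discusses, as an added example that is not part of the original message: it scans a message's trace headers for RFC 1918 addresses and masks them in the header block. The sample message, its hostnames and addresses, the function names and the choice of headers to inspect are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the thread); all names and addresses are made up.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.25])
\tby mx.example.net with ESMTP id abc123; Mon, 28 Apr 2003 18:07:12 +0200
Received: from workstation7 ([10.1.20.37])
\tby mail.example.com with SMTP; Mon, 28 Apr 2003 18:07:10 +0200
X-Originating-IP: [10.1.20.37]
From: user@example.com
To: list@example.org
Subject: test

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
TRACE_HEADERS = {"received", "x-originating-ip"}  # assumed set of headers to audit

def is_internal(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 or a version string that looks like an IP
        return False
    return any(addr in net for net in RFC1918)

def leaked_internal_addresses(raw_message):
    """Return (header name, address) for each RFC 1918 address in a trace header."""
    msg = message_from_string(raw_message)
    found = []
    for name, value in msg.items():  # folded continuation lines are part of value
        if name.lower() in TRACE_HEADERS:
            found += [(name, ip) for ip in IPV4.findall(value) if is_internal(ip)]
    return found

def redact_internal_addresses(raw_message, placeholder="REDACTED"):
    """Mask RFC 1918 addresses in the header block only; the body is untouched."""
    head, sep, body = raw_message.partition("\n\n")
    head = IPV4.sub(lambda m: placeholder if is_internal(m.group()) else m.group(), head)
    return head + sep + body

if __name__ == "__main__":
    print(leaked_internal_addresses(SAMPLE))
    print(redact_internal_addresses(SAMPLE))
```

Run against a sample of outbound mail, the first function shows what internal addressing a recipient can read from the headers; the second illustrates the kind of rewriting an outbound gateway would need to do.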
This archive was generated by hypermail 2b30 : Wed Apr 30 2003 - 10:28:23 PDT