Penetration Testing mailing list archives
Re: Testing load balanced servers behind NAT
From: Alex Butcher <alex () s3 integralis co uk>
Date: Fri, 07 Sep 2001 10:08:58 +0100
Andrew Koh wrote:
On getting internal IP: Besides misconfigured DNS and snmp, are there any other ways to find out internal host IP?
Sometimes requesting non-existent files using HTTP (you don't say the servers are running this, but...) can reveal internal IP addresses in the error messages.
Also, if it's an Apache webserver, the test-cgi and printenv CGI scripts can be used for information gathering purposes. If it's IIS, hell, go for Unicode MS00-078 or MS01-026. :)
Best Regards,
Alex.
--
Alex Butcher                                       PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services           alex@s3       B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp   alex.butcher@ 885BA6CE
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
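Added example, not part of the original post: a check an administrator can run over responses captured from their own NATed web servers to catch the error-page leak described in the message above. It flags RFC 1918 addresses in headers and bodies; the function names and the sample responses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; one of these in a public-facing response is a leak.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Candidate dotted quads; the lookarounds skip longer digit/dot runs.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def private_addrs(text):
    """Return the distinct RFC 1918 addresses found in text, in order."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        if any(ip in net for net in RFC1918) and str(ip) not in found:
            found.append(str(ip))
    return found


def find_internal_ips(raw_response):
    """Return (location, address) pairs for a raw HTTP response string."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        for addr in private_addrs(value):
            findings.append(("header:" + name.strip().lower(), addr))
    for addr in private_addrs(body):
        findings.append(("body", addr))
    return findings


# Constructed sample responses (not captured from any real host).
SAMPLE_404 = ("HTTP/1.1 404 Not Found\r\nServer: Apache/1.3.20\r\n\r\n"
              "<address>Apache/1.3.20 Server at 10.1.2.15 Port 80</address>")
SAMPLE_REDIRECT = ("HTTP/1.1 302 Found\r\n"
                   "Location: http://192.168.10.4/app/\r\n\r\n")
SAMPLE_CLEAN = ("HTTP/1.1 404 Not Found\r\nServer: Apache/1.3.20\r\n\r\n"
                "Server at www.example.com; peers 203.0.113.7, 172.32.0.1")

if __name__ == "__main__":
    for sample in (SAMPLE_404, SAMPLE_REDIRECT, SAMPLE_CLEAN):
        print(find_internal_ips(sample))
```

Any finding means the server or load balancer is emitting its own address rather than the public hostname, which is fixed in the web server's canonical-name and error-page configuration.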