Penetration Testing mailing list archives

Re: Testing load balanced servers behind NAT


From: Alex Butcher <alex () s3 integralis co uk>
Date: Fri, 07 Sep 2001 10:08:58 +0100

Andrew Koh wrote:

> On getting internal IP:
> Besides misconfigured DNS and snmp, are there any other ways to find out internal host IP?

Sometimes requesting non-existent files using HTTP (you don't say the servers are running this, but...) can reveal internal IP addresses in the error messages.

Also, if it's an Apache webserver, the test-cgi and printenv CGI scripts can be used for information gathering purposes. If it's IIS, hell, go for Unicode MS00-078 or MS01-026. :)

Best Regards,
Alex.
--
Alex Butcher                                      PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services          alex@s3       B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp  alex.butcher@ 885BA6CE


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
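
A defender-side check for the leak described in the message above, added here as an example and not part of the original post: it scans response text (an error page or CGI output) for RFC 1918 addresses. The function name and the sample responses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges: addresses that should never appear in responses
# served to the public side of a NAT or load balancer.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Candidate dotted quads. The lookarounds reject pieces of longer dotted
# strings (e.g. 10.1.2.3.4) but still accept an address that ends a sentence.
DOTTED_QUAD = re.compile(r"(?<!\d)(?<!\d\.)\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")


def find_internal_ips(response_text):
    """Return (line_number, address) for each RFC 1918 address in the text."""
    findings = []
    for lineno, line in enumerate(response_text.splitlines(), start=1):
        for candidate in DOTTED_QUAD.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if any(addr in net for net in RFC1918):
                findings.append((lineno, str(addr)))
    return findings


# Constructed sample responses (not captured from any real server).
SAMPLE_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/1.3.20 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>\n"
    "<address>Apache/1.3.20 Server at 10.1.2.3 Port 80</address>\n"
)
SAMPLE_PRINTENV = (
    "SERVER_NAME=www.example.com\n"
    "SERVER_ADDR=192.168.10.5\n"
    "REMOTE_ADDR=203.0.113.9\n"
)
SAMPLE_CLEAN = "<address>Apache/1.3.20 Server at www.example.com Port 80</address>\n"

if __name__ == "__main__":
    for name, text in (("404", SAMPLE_404), ("printenv", SAMPLE_PRINTENV),
                       ("clean", SAMPLE_CLEAN)):
        print(name, find_internal_ips(text))
```

Run over the error pages and CGI output of your own public-facing servers, any non-empty result marks a response that should be fixed, for example by removing the sample CGI scripts or configuring the server to report its public hostname.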

