Penetration Testing mailing list archives

Re: Testing load balanced servers behind NAT

From: Carlos Carvalho <carlos () fisica ufpr br>
Date: Sat, 8 Sep 2001 12:17:54 -0300

Alex Butcher (alex () s3 integralis co uk) wrote on 7 September 2001 10:08:

Andrew Koh wrote:

On getting internal IP:
Besides misconfigured  DNS and snmp, are there any other ways to find 
out internal host IP?


Sometimes requesting non-existent files using HTTP (you don't say the 
servers are running this, but...) can reveal internal IP addresses in 
the error messages.


Sometimes email headers also reveal internal IPs or hostnames, such as
our case right now.

However I don't see the usefulness of having internal IPs, since
they're unreachable from the outside anyway. And once you're inside,
it's not at all a secret...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Testing load balanced servers behind NAT Andrew Koh (Sep 06)
- Re: Testing load balanced servers behind NAT Bill Pennington (Sep 06)
- Re: Testing load balanced servers behind NAT Alex Butcher (Sep 07)
  - Re: Testing load balanced servers behind NAT Carlos Carvalho (Sep 10)
- RE: Testing load balanced servers behind NAT Javier Megias (Sep 07)