Penetration Testing mailing list archives

Re: testing for IP address space leakage in NAT systems


From: Chris Keladis <Chris.Keladis () cmc cwo net au>
Date: Tue, 22 Jan 2002 10:40:38 +1100

Hi Bob,

A lot of times misconfigured web servers return a "Content-Location" header which displays an internal IP..

Another good way is using things like epmapper, or BindView's rpctools, or AtStake's dcetest to query a (Win32) DCE epmapper.

Sometimes, you find things when looking through the HTML code, comments, maybe even some code to speak to any back-end servers.

Then there is trying to talk SNMP to the NAT device, which may even return the exact mappings if you're lucky! :)

Other techniques may involve firewalking depending on how the victim border routers/firewalls are configured.

And something that just popped into my head is getting a HTTP server to return an error. A lot of times the errors are overly verbose, giving up an IP.

HTH,

Chris.


At 12:02 PM 21/01/2002 -0500, R P G wrote:

I was wondering if anyone knows of a method to test a NAT system for
address space leakage.
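The HTTP-side checks from Chris's list (the Content-Location header, comments in the HTML, and verbose error pages) in one small scanner. This is an added example written for this archive page, not code from either poster. It assumes the classic no-Host-header trigger (an HTTP/1.0 GET with no Host line, which some servers answer with a Content-Location or redirect built from their own address), treats RFC 1918, loopback and link-local addresses as "internal", and runs against constructed sample responses when no host is given; the file name in the usage comment is made up.

```python
"""Look for internal (RFC 1918 / loopback / link-local) IPv4 addresses leaking
out of an HTTP server behind NAT, in the places the post above lists:
Content-Location and other headers, HTML comments, and verbose error pages.
Added example for this page, not code from the original post."""
import ipaddress
import re
import socket
import sys
from typing import Dict, List, Tuple

# Dotted-quad candidates; the ipaddress module does the real validation.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HTML_COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)

# Assumed trigger: an HTTP/1.0 request with no Host header, which some servers
# answer with a Content-Location or Location built from their own address.
NO_HOST_REQUEST = b"GET / HTTP/1.0\r\n\r\n"


def private_ips(text: str) -> List[str]:
    """Return the distinct non-routable IPv4 addresses found in text."""
    found: List[str] = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if (ip.is_private or ip.is_loopback or ip.is_link_local) and candidate not in found:
            found.append(candidate)
    return found


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        status = int(lines[0].split()[1])
    except (IndexError, ValueError):
        status = 0  # not a well-formed status line
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("latin-1", "replace")


def find_leaks(raw: bytes) -> List[Tuple[str, str]]:
    """Return (where, address) pairs for every internal address in the response."""
    status, headers, body = parse_response(raw)
    leaks: List[Tuple[str, str]] = []
    for name, value in headers.items():  # Content-Location, Location, Via, ...
        for ip in private_ips(value):
            leaks.append(("header:" + name, ip))
    for comment in HTML_COMMENT_RE.findall(body):  # developer comments in the markup
        for ip in private_ips(comment):
            leaks.append(("html-comment", ip))
    rest = HTML_COMMENT_RE.sub("", body)
    label = "error-body" if status >= 400 else "body"  # verbose 4xx/5xx pages
    for ip in private_ips(rest):
        leaks.append((label, ip))
    return leaks


def probe(host: str, port: int = 80, request: bytes = NO_HOST_REQUEST,
          timeout: float = 5.0) -> bytes:
    """Send one raw request and return the whole response (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed sample responses standing in for real servers (not captured traffic).
SAMPLE_RESPONSES = {
    "content-location": (
        b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
        b"Content-Location: http://10.1.2.3/index.htm\r\nContent-Type: text/html\r\n\r\n"
        b"<html><!-- backend app server: 192.168.0.10 --><body>hi</body></html>"
    ),
    "verbose-404": (
        b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
        b"<html><body>The requested URL /foo was not found on this server.<br>"
        b"Apache/1.3.20 Server at 172.16.4.20 Port 80</body></html>"
    ),
    "clean": b"HTTP/1.1 302 Found\r\nLocation: http://93.184.216.34/login\r\n\r\n",
}


def main(argv: List[str]) -> None:
    if len(argv) > 1:  # usage (hypothetical file name): python3 natleak.py host [port]
        port = int(argv[2]) if len(argv) > 2 else 80
        print(find_leaks(probe(argv[1], port)) or "no internal addresses found")
    else:
        for name, raw in SAMPLE_RESPONSES.items():
            print(name, "->", find_leaks(raw))


if __name__ == "__main__":
    main(sys.argv)
```

The scanner keys on where the address appeared (header name, HTML comment, or error body) so that a hit can be traced back to the misconfiguration that caused it; a public address such as the one in the "clean" sample is deliberately not reported.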

