Penetration Testing mailing list archives
Re: testing for IP address space leakage in NAT systems
From: Chris Keladis <Chris.Keladis () cmc cwo net au>
Date: Tue, 22 Jan 2002 10:40:38 +1100
Hi Bob,

A lot of times misconfigured web servers return a "Content-Location" header which displays an internal IP.
Another good way is using things like epmapper, or BindView's rpctools, or AtStake's dcetest to query a (Win32) DCE epmapper.
Sometimes, you find things when looking through the HTML code, comments, maybe even some code to speak to any back-end servers.
Then there is trying to talk SNMP to the NAT device, which may even return the exact mappings if you're lucky! :)
Other techniques may involve firewalking depending on how the victim border routers/firewalls are configured.
And something that just popped into my head is getting an HTTP server to return an error. A lot of times the errors are overly verbose, giving up an IP.

HTH,
Chris.

At 12:02 PM 21/01/2002 -0500, R P G wrote:
I was wondering if anyone knows of a method to test a NAT system for address space leakage.
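
As an added example (not part of the original message), here is one way to audit your own web server's responses for the leaks mentioned above: RFC 1918 addresses in headers such as Content-Location, in HTML comments, and in page or error bodies. The sample response and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample response, not captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer\r\n"
    "Content-Location: http://10.1.2.3/Default.htm\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><!-- backend: 192.168.10.20:8080 -->\n"
    "<body>Build 1.2.3.4 served via 203.0.113.7</body></html>\n"
)

# Dotted quads that are not part of a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_ips(text):
    """Return RFC 1918 addresses found in text, in order of appearance."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # e.g. 999.1.1.1 or octets with leading zeros
        if any(ip in net for net in RFC1918):
            found.append(str(ip))
    return found

def find_leaks(raw_response):
    """Return (location, name, ip) tuples for each internal address exposed."""
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        leaks += [("header", name.strip(), ip) for ip in private_ips(value)]
    for comment in re.findall(r"<!--(.*?)-->", body, re.S):
        leaks += [("comment", "html", ip) for ip in private_ips(comment)]
    visible = re.sub(r"<!--.*?-->", "", body, flags=re.S)
    leaks += [("body", "html", ip) for ip in private_ips(visible)]
    return leaks

if __name__ == "__main__":
    for location, name, ip in find_leaks(SAMPLE_RESPONSE):
        print(f"{location:8} {name:18} {ip}")
```
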