Penetration Testing mailing list archives
Re: Confirmation on Loadbalancing
From: Tim <tim-pentest () sentinelchicken org>
Date: Sun, 23 Oct 2005 16:42:46 -0400
B> Is it a load balancing firewall / firewall in failover B> mode or Cisco PIX is generating a randor IPID? Probably yes, check also - ISN changes - Window size - TTL changes (open ports..may indicate NAT/LB) - TOS - etc all fields which may change on different machines
Hello, I've never tried this, but you could also try inducing connections back to yourself from those servers. For instance, if mail servers perform reverse DNS lookups or if you can get a border mail relay to accept a message that you know will bounce later, then you might be able to get those servers to come back through the firewall to you. Since hosts often allocate source ports in sequence and NAPT systems don't normally re-write source ports unless there is a conflict, you might be able to tell if there are multiple systems connecting back to you. Probably a lot harder to pull off than the suggestions above though. tim ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Confirmation on Loadbalancing BSK (Oct 22)
- Re: Confirmation on Loadbalancing Thierry Zoller (Oct 23)
- Re: Confirmation on Loadbalancing Tim (Oct 24)
- Re: Confirmation on Loadbalancing Thierry Zoller (Oct 23)