AW: Enumeration - determining Firewall/Router address

[Martin Muench <mmuench () it-sec de>]

That depends on the configuration of the system.

First step would be to check if the system is behind a NAT Firewall.
This can be done with hping/tcptraceroute etc.

Example: 
hping --traceroute -S -p 80 www.foo.bar

If you see the last IP address twice it is a good indication that the device
Is behind a nat firewall (meaning that the firewall is responding for the
external IP and the target system has a private IP in a DMZ)

A other option is to send a force the mail server to send a mail to a
external address. This can be done by:

- Sending a mail to an address which doesn't exist
- Sending a mail to an address which does exist and convince the reciever
  that he/she should send a response..
- Use a feature on the web application which is hosted on the server to
generate a mail (for example with a "send to a friend" feature)

Look at the mailheader of the mail, he might contain interesting
information.

Try to send a trace/track request to the webserver, this might help you
To detect reverse proxies...


-----Ursprüngliche Nachricht-----
Von: Michael Condon [mailto:admin () singulartechnologysolutions com] 
Gesendet: Dienstag, 21. Oktober 2008 16:44
An: security-basics () securityfocus com
Betreff: Enumeration - determining Firewall/Router address

When auditing a site that has a web site/mail server hosted on site, what 
are the methods to determine the ip address of the firewall & router in 
front of them?