Penetration Testing mailing list archives
Re: Multiple IP on the same server howo to idenfity
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 10 Jun 2004 16:28:39 -0500
On Thu, 2004-06-10 at 05:12, NetExpress wrote:
Hi, the problem is, if I am doing a penetration test from internte to many servers, probably there should be some IP ont the same server o network adapter like load balancer. In a report, and to avoid false positive, should be usefull to identify which IPs are on the same server, but how?
If you can observe response packets from the servers (responses to UDP or ICMP requests, or simple TCP requests such as telnetting to an open port), then you can fingerprint the IP stack by hand. Examine TTL, IP ID and Window size. Most systems don't randomize the IP ID, so you can easily distinguish between different servers by watching the IP ID. Remember, tcpdump is your friend :) Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Multiple IP on the same server howo to idenfity NetExpress (Jun 10)
- Re: Multiple IP on the same server howo to idenfity Paul Johnston (Jun 11)
- Re: Multiple IP on the same server howo to idenfity Frank Knobbe (Jun 14)
- <Possible follow-ups>
- RE: Multiple IP on the same server howo to idenfity Yonatan Bokovza (Jun 10)
- Re: Multiple IP on the same server howo to idenfity Andrew A. Vladimirov (Jun 11)
- RE: Multiple IP on the same server howo to idenfity Amin Tora (Jun 10)
- RE: Multiple IP on the same server howo to idenfity Pursifull, Mike (Jun 11)
- RE: Multiple IP on the same server howo to idenfity Frank Knobbe (Jun 16)
- RE: Multiple IP on the same server howo to idenfity Amin Tora (Jun 17)