Penetration Testing mailing list archives
Re: Enumeration of NAT'ed computer names
From: Technica Forensis <forensis.technica () gmail com>
Date: Tue, 17 Jan 2006 15:43:05 -0500
There is a good article in last phrack "TCP Timestamp to count hosts behind NAT" in Linenoise. May be it will help you.
Windows doesn't use the tcp timestamp field by default, unless a connection is started with it with the field in use. So for that to work, you would have to flood/scan their internal network with packets that are using the timestamp field and catch the results. Then, by comparing the drift in the timestamps you should be able to tell how many devices the NAT is translating for. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Enumeration of NAT'ed computer names flightofpenguins (Jan 16)
- Re: Enumeration of NAT'ed computer names Byron Sonne (Jan 18)
- Re: Enumeration of NAT'ed computer names Tim (Jan 18)
- <Possible follow-ups>
- Re: Enumeration of NAT'ed computer names insecure (Jan 17)
- Re: Enumeration of NAT'ed computer names Technica Forensis (Jan 18)
- Re: Enumeration of NAT'ed computer names Kurt Keys (Jan 18)