|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Multiple IP on the same server howo to idenfity
From: Yonatan Bokovza (Yonatan
xpert.com)
Date: Thu Jun 10 2004 - 17:12:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> -----Original Message-----
> From: NetExpress [mailto:NetExpressinfogroup.it]
> Sent: Thursday, June 10, 2004 13:13
> To: pen-testsecurityfocus.org
> Subject: Multiple IP on the same server howo to idenfity
>
>
> Hi, the problem is, if I am doing a penetration test from internte to
> many servers, probably there should be some IP ont the same server o
> network adapter like load balancer.
> In a report, and to avoid false positive, should be usefull
> to identify
> which IPs are on the same server, but how?
> If I should be in the internal network I am testing I'll use
> arp to find
> the MAC address of each IP and I should have solved, but from
> Internet I
> cannot use arp.
>
> From Internet I could use the banner, but this is not sure, I could
> have more then one application server on the same server with n-IP on
> application server A and m-IP on the application server B getting the
> banner should not be the right choise especialy with proxy.
>
> Any idea?
You could use the TCP Timestamp option to see the uptime of both
servers. If it is similar enough, there is a good chance it is the same
server. (unless the loadbalancer changes the Timestamp...)
See section 3.2 here:
http://www.faqs.org/rfcs/rfc1323.html
Regards,
Yonatan Bokovza
IT Security Consultant
Xpert Systems
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]