Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Multiple IP on the same server howo to idenfity
From: Andrew A. Vladimirov (mlistsarhont.com)
Date: Thu Jun 10 2004 - 19:34:56 CDT
Yonatan Bokovza wrote:
>>From: NetExpress [mailto:NetExpressinfogroup.it]
>>Sent: Thursday, June 10, 2004 13:13
>>Subject: Multiple IP on the same server howo to idenfity
>>Hi, the problem is, if I am doing a penetration test from internte to
>>many servers, probably there should be some IP ont the same server o
>>network adapter like load balancer.
>>In a report, and to avoid false positive, should be usefull
>>which IPs are on the same server, but how?
>>If I should be in the internal network I am testing I'll use
>>arp to find
>>the MAC address of each IP and I should have solved, but from
>>cannot use arp.
>> From Internet I could use the banner, but this is not sure, I could
>>have more then one application server on the same server with n-IP on
>>application server A and m-IP on the application server B getting the
>>banner should not be the right choise especialy with proxy.
> You could use the TCP Timestamp option to see the uptime of both
> servers. If it is similar enough, there is a good chance it is the same
> server. (unless the loadbalancer changes the Timestamp...)
> See section 3.2 here:
> Yonatan Bokovza
> IT Security Consultant
> Xpert Systems
Yep, TCP timestamps, TCP sequence numbers and IP ID's. Plus, of course,
OS fingerprinting and banner grabbing. ISNprober, hping2, nmap and both
xprobes will do the job.