Re: Multiple IP on the same server how to identify

From: Frank Knobbe (frankknobbe.us)
Date: Thu Jun 10 2004 - 16:28:39 CDT


On Thu, 2004-06-10 at 05:12, NetExpress wrote:
> Hi, the problem is, if I am doing a penetration test from the internet to
> many servers, probably there should be some IPs on the same server or
> network adapter like a load balancer.
> In a report, and to avoid false positives, it would be useful to identify
> which IPs are on the same server, but how?

If you can observe response packets from the servers (responses to UDP
or ICMP requests, or simple TCP requests such as telnetting to an open
port), then you can fingerprint the IP stack by hand. Examine TTL, IP ID
and Window size. Most systems don't randomize the IP ID, so you can
easily distinguish between different servers by watching the IP ID.

Remember, tcpdump is your friend :)

Regards,
Frank

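The comparison described in the reply above, as an added example that is not part of the original post: it groups addresses whose responses share TTL, window size and a single incrementing IP ID counter, so duplicate findings in a report can be merged. The observations are constructed sample values (documentation addresses) of the kind read off `tcpdump -v` output, and `MAX_GAP`, `usable`, `same_counter` and `group_hosts` are hypothetical names; addresses whose IP ID is zero or does not increment are reported as inconclusive rather than guessed.

```python
from itertools import combinations

# Constructed sample: (probe order, responding IP, TTL, TCP window, IP ID),
# with probes interleaved across the addresses under test.
OBS = [
    (1, "192.0.2.10", 54, 5840, 41200),
    (2, "192.0.2.11", 54, 5840, 41201),
    (3, "192.0.2.20", 118, 65535, 9120),
    (4, "192.0.2.10", 54, 5840, 41203),
    (5, "192.0.2.11", 54, 5840, 41206),
    (6, "192.0.2.20", 118, 65535, 9121),
    (7, "192.0.2.30", 54, 5840, 0),
    (8, "192.0.2.30", 54, 5840, 0),
]
MAX_GAP = 200  # assumption: allowance for other packets the host sends between probes

def usable(ids):
    """True if the IDs strictly increase (mod 2^16) in small steps."""
    steps = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    return len(ids) >= 2 and all(0 < s <= MAX_GAP for s in steps)

def same_counter(obs, a, b):
    """True if a and b share TTL/window and their merged IP IDs form one sequence."""
    merged = [o for o in sorted(obs) if o[1] in (a, b)]
    if len({(o[2], o[3]) for o in merged}) != 1:
        return False
    return usable([o[4] for o in merged])

def group_hosts(obs):
    """Return (groups of IPs judged to be one host, IPs that cannot be judged)."""
    ips = sorted({o[1] for o in obs})
    ids = {ip: [o[4] for o in sorted(obs) if o[1] == ip] for ip in ips}
    inconclusive = [ip for ip in ips if not usable(ids[ip])]
    parent = {ip: ip for ip in ips if ip not in inconclusive}

    def find(x):  # union-find root lookup
        while parent[x] != x:
            x = parent[x]
        return x

    for a, b in combinations(list(parent), 2):
        if same_counter(obs, a, b):
            parent[find(a)] = find(b)
    groups = {}
    for ip in parent:
        groups.setdefault(find(ip), []).append(ip)
    return sorted(groups.values()), inconclusive

if __name__ == "__main__":
    print(group_hosts(OBS))
```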