Re: testing for IP address space leakage in NAT systems

• Previous message: R P G: "Re: testing for IP address space leakage in NAT systems"
• In reply to: R P G: "testing for IP address space leakage in NAT systems"
• Next in thread: Gamble: "Re: testing for IP address space leakage in NAT systems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Jan 2002 16:50:53 -0500
From: Thomas Reinke <reinke@e-softinc.com>
To: R P G <inittab@jtan.com>

Not reliable, but if there are any accessible web servers
behind the NAT device, check the Content-Location tag. It
may yield non-routable address information.

Statistically, not a good bet - but still, a better than
1 in 20 chance, if the server is IIS, that you will get
non-routable addressing information out of it, and that
the server is giving this information to everyone who
connects to it.
(See
http://www.securityspace.com/s_survey/data/man.200112/firewalled_cloc.html
for stats breakdown)

Thomas

R P G wrote:
>
> I was wondering if anyone knows of a method to test a NAT system for
> address space leakage.
>
> Thanks.
>
> --Bob
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: R P G: "Re: testing for IP address space leakage in NAT systems"
• In reply to: R P G: "testing for IP address space leakage in NAT systems"
• Next in thread: Gamble: "Re: testing for IP address space leakage in NAT systems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 - -As sistence requested. ... I remember finding this on a netware server that I was auditing. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: how many clients per server w/ nessus? ... We accidentally just had 9 concurrent scans running from various clients. ... The server is a Netra X1 running Solaris 2.8. ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: Re-opening an old thread: NetWare-Enterprise-Web-Server/5.1 --As sistence requested. ... > server at one of our pen-test clients with this NetWare HTTP/HTTPS server. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: faster scans? (nmap) ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re: pen test help please asap ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint