Re: Multiple IP on the same server howo to idenfity
From: Frank Knobbe (frank_at_knobbe.us)
Date: 06/10/04
- Previous message: Andre Ludwig: "Re: Wireless pentesting requirements"
- In reply to: NetExpress: "Multiple IP on the same server howo to idenfity"
- Next in thread: Frank Knobbe: "RE: Multiple IP on the same server howo to idenfity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: NetExpress <NetExpress@infogroup.it> Date: Thu, 10 Jun 2004 16:28:39 -0500
On Thu, 2004-06-10 at 05:12, NetExpress wrote:
> Hi, the problem is, if I am doing a penetration test from internte to
> many servers, probably there should be some IP ont the same server o
> network adapter like load balancer.
> In a report, and to avoid false positive, should be usefull to identify
> which IPs are on the same server, but how?
If you can observe response packets from the servers (responses to UDP
or ICMP requests, or simple TCP requests such as telnetting to an open
port), then you can fingerprint the IP stack by hand. Examine TTL, IP ID
and Window size. Most systems don't randomize the IP ID, so you can
easily distinguish between different servers by watching the IP ID.
Remember, tcpdump is your friend :)
Regards,
Frank
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Andre Ludwig: "Re: Wireless pentesting requirements"
- In reply to: NetExpress: "Multiple IP on the same server howo to idenfity"
- Next in thread: Frank Knobbe: "RE: Multiple IP on the same server howo to idenfity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
